07-31-2007 05:21 AM - edited 03-09-2019 06:30 PM
Hello.
Routing truble on PIX ??
inside PC-10.100.4.111 can't connected to remote sites PC-10.100.110.111 etc..
the pix are default gateway on PC.
It is some way to do this ?
I have one PIX525 Version 7.2(2)
two VPN3005 Version 4.7.2.L
one WS-C4006 Version 12.1(20)EW
I have a main site connected to internett with a WS-C4006 router
passing traffic to PIX and VPN3005 with there global IP addresse.
The remote site's are connected to VPN3005-1
14 remote site IP 10.100.110.0/24 10.100.120.0/24 etc... (routers C1800..)
--- Confiuration: -------------------------
PIX525
outside = Global-IP.254
inside = 10.100.4.250/24
route outside 0.0.0.0 0.0.0.0 Global-IP.1 1
route inside 10.100.110.0 255.255.255.0 10.100.4.251 1 (?? Not working)
VPN3005-1 (this is use for remote site office)
Public = Global-IP.251
Private = 10.100.4.251
VPN3005-2 (this is use for vpn Client only)
Public = Global-IP-252
Private = 10.100.4.252
-------------------------------------------
Thanks for your help
Tor
07-31-2007 06:37 AM
you need to enable hairpinning on the PIX. by default the pix can't reroute traffic out the same interface on which it was received.
try adding the command:
same-security-traffic permit intra-interface
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167
08-01-2007 03:32 AM
It's not help ?
The are none router inside
the PIX are default gateway
I------------------I
I Internal Network I --> 10.100.4.1 {Inside} PIX 128.39.184.254 {Outside} --> ISP Router
I Internal Network I --> 10.100.4.251 (Private)VPN3005-1 128.39.189.9 (Public) --> ISP Router (Connect to remote office)
I Internal Network I --> 10.100.4.252 (Private)VPN3005-2 128.39.189.129 (Public) --> ISP Router (vpn klients)
I------------------I
It is any way to do this.
Regars,
-Tor
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: