HELP! Weird Problem With PIX 501

Answered Question
Oct 9th, 2008
User Badges:

Hi,

Attached is the network diagram and Pix Configuration. We have data circuits for all our branches just installed. The problem is that the Pix just stops to ping the branch Office routers.


1. From the Pix can ping 192.168.1.2 & 1.3


2. From 192.168.1.2 & 1.3 can ping all the networks.


3. From the Pix cannot reach the branch routers.


Appreciate all your support.


Regards


Sarfaraz



Correct Answer by Marwan ALshawi about 8 years 6 months ago

the idea as follow


u have the static route configured corectly on ur PIX


on the ISP router u need static route point to each barnch offic network thorugh the isp ip u have

and u need a static route like

try the following line to the ISP router and try then try to pin


ip route 192.168.1.0 255.255.255.0 192.168.1.254


for returne traffic or traffic comeing from branch to ISP going to PIX


in ur ISP i have seen u done like


try the following line to the ISP router and try then try to pin


ip route 192.168.0.0 255.255.0.0 10.x.x.x


this include 192.168.1.0/25 so the traffic when wanna go to the PIX network will go back to the ISP and this is the problem u have


try to fix it based on the above directions

good luck



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Marwan ALshawi Thu, 10/09/2008 - 00:52
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

do the branch routers have route to the pix configured correctly ?

Marwan ALshawi Thu, 10/09/2008 - 01:34
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

i can see the problem is routing issue


one more question the ISP routers belong to u ? i mean u have its config ?


can u tell me the IP address of directly conected interfaces of ISP1 and the brach router u sent me to give u the right config

sarfarazkazi Thu, 10/09/2008 - 01:38
User Badges:

Dear Marwan,


Attached is the configuration of the HO router(isp1.txt) and the branch router (apbbr.txt)


Sarfaraz



Attachment: 
Marwan ALshawi Thu, 10/09/2008 - 01:49
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

ok

in ur diagram there is somthing missing

what are these IPs


10.250.3.1

10.250.17.2


can u tell me what connectivity between the ISP rote and the brantch routers and do u have the connection direcrctly from pix to ISP?

and on ur pix i see u have the interface with ip 192.168.1.254

and u have other interface on the pis has ip in the same subnet !!!!


sorry but i want to be aware about the network

sarfarazkazi Thu, 10/09/2008 - 01:55
User Badges:

The IPs are of the ISPs. My LAN range is (192.168.1.0/254) I am not well versed with Pix. This is how it is.. I am using these IPs from the range to route the branch subnets. It was working and then it stopped.


Pix IP- 192.168.1.254

ISP-1 router IP: 192.168.1.2


ISP-2 router IP: 192.168.1.3


I have attached the configuration of pix as well.



Attachment: 
Marwan ALshawi Thu, 10/09/2008 - 02:02
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

please

what these IPs represent

10.250.17.1

10.250.3.1

sarfarazkazi Thu, 10/09/2008 - 02:04
User Badges:

these IPs belong to the ISP backbone. They are /30 subnets for routing in their internal network. I have nothing to do their network.



Marwan ALshawi Thu, 10/09/2008 - 02:05
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

please

what these IPs represent

10.250.17.1

10.250.3.1

sarfarazkazi Thu, 10/09/2008 - 02:27
User Badges:

I have already mentioned that the router belongs to ISP they are the ones who are routing it.

Marwan ALshawi Thu, 10/09/2008 - 02:33
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

try to add the following line on ISP route

ip route 192.168.1.0 255.255.255.0 192.168.1.254


and let me know

sarfarazkazi Thu, 10/09/2008 - 02:50
User Badges:

No it doesnt work. From pix (1.254) i can ping (1.2). From (1.2) I can ping 2.1,3.1,4.1. But from the Pix I cannot ping 2.1,3.1 & 4.1


Correct Answer
Marwan ALshawi Thu, 10/09/2008 - 03:08
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

the idea as follow


u have the static route configured corectly on ur PIX


on the ISP router u need static route point to each barnch offic network thorugh the isp ip u have

and u need a static route like

try the following line to the ISP router and try then try to pin


ip route 192.168.1.0 255.255.255.0 192.168.1.254


for returne traffic or traffic comeing from branch to ISP going to PIX


in ur ISP i have seen u done like


try the following line to the ISP router and try then try to pin


ip route 192.168.0.0 255.255.0.0 10.x.x.x


this include 192.168.1.0/25 so the traffic when wanna go to the PIX network will go back to the ISP and this is the problem u have


try to fix it based on the above directions

good luck



sarfarazkazi Thu, 10/09/2008 - 03:20
User Badges:

yeah got it working now...thank u so much for your time and efforts..


Sarfaraz

Marwan ALshawi Thu, 10/09/2008 - 03:24
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

i am glad its working now


was the static line the problem right ?

Actions

This Discussion