Routing Pix behind IOS router

Answered Question
Nov 12th, 2008

Have a 3640 connecting to ISP via PPPoE in FA and a point-to-point T1 on Serial. Default route is PPPoE and then static routes for IPs on the other end of the T1. Pinging from inside the 3640 works fine to either the web or a PC at the other end of the T1.

Have a PIX behind the router to firewall. It has one route - the 3640. Web works great, but not getting to the T1. Have enabled pings and can ping the web, but can't ping PC on T1.

How can I debug? Suggestions to look for?

Pertinent pieces of config below and full configs attached.

Pix:

ip address outside 6x.x.x.166 255.255.255.252
ip address inside 10.10.1.254 255.255.255.0
!
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.10.1.0 255.255.255.0 0 0
static (inside,outside) tcp 6x.x.x.166 ftp 10.10.1.5 ftp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 6x.x.x.165 1

Router:

interface FastEthernet0/0
 ip address 6x.x.x.165 255.255.255.252
 duplex auto
 speed auto
 no cdp enable
!
interface Ethernet2/0
 no ip address
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Serial2/0
 description T1
 ip address 172.18.0.1 255.255.255.252
!
interface Dialer1
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname s****@********.net
 ppp chap password 0 *******
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.255.255.0 Serial2/0
ip route 10.1.1.0 255.255.255.0 Serial2/0

Correct Answer by Edison Ortiz, Wed, 11/12/2008 - 18:31

When you ping from the 3640, you are sourcing from the serial interface T1 which I assume the remote network knows about because you get a successful reply.

When you ping from the PIX, you are sourcing from its outside interface 6x.x.x.166 and I'm sure the remote network does not have a route to that IP via the serial, does it?

__

Edison.
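
The return-path check described in the answer above, as an added example that is not part of the original thread: it does a longest-prefix lookup on the 3640 for the echo request and on the far-end router for the echo reply. Assumptions: the far-end routing table and its interface names (`Serial0`, `Ethernet0`) are hypothetical because the page does not show that router, and 203.0.113.164/30 is a constructed stand-in for the masked 6x.x.x.164/30 link.

```python
import ipaddress

def lookup(table, ip):
    """Longest-prefix match: return the egress interface for ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, egress in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    return best[1] if best else None

# 3640 table: the three static routes from the posted config plus its
# connected networks. 203.0.113.164/30 replaces the masked 6x.x.x.164/30.
ROUTER_3640 = {
    "0.0.0.0/0": "Dialer1",
    "10.0.0.0/24": "Serial2/0",
    "10.1.1.0/24": "Serial2/0",
    "172.18.0.0/30": "Serial2/0",
    "203.0.113.164/30": "FastEthernet0/0",
}

# ASSUMPTION: far-end router knows only the T1 link and its own LANs.
REMOTE = {
    "172.18.0.0/30": "Serial0",
    "10.0.0.0/24": "Ethernet0",
    "10.1.1.0/24": "Ethernet0",
}

def ping_path(src, dst, near=ROUTER_3640, far=REMOTE, far_wan="Serial0"):
    """Check the echo request (near -> dst) and the echo reply (far -> src)."""
    forward = lookup(near, dst)
    if forward != "Serial2/0":
        return (False, f"request leaves {forward}, not the T1")
    back = lookup(far, src)
    if back is None:
        return (False, f"far end has no route back to {src}")
    if back != far_wan:
        return (False, f"reply to {src} leaves {back}, not the T1")
    return (True, "request and reply both cross the T1")

if __name__ == "__main__":
    print(ping_path("172.18.0.1", "10.0.0.10"))     # sourced from 3640 Serial2/0
    print(ping_path("203.0.113.166", "10.0.0.10"))  # sourced from PIX outside
    fixed = dict(REMOTE, **{"203.0.113.164/30": "Serial0"})
    print(ping_path("203.0.113.166", "10.0.0.10", far=fixed))
```

On real equipment the same question is answered by checking the far-end router's routing table for the PIX outside address and, if it is missing, adding a route for that /30 pointing back across the T1.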
