cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
0
Helpful
1
Replies

Routing Pix behind IOS router

cuchara61
Level 1
Level 1

Have a 3640 connecting to ISP via PPPoE in FA and a point to point T1 on Serial. Default route is pppoe and then static routes for IP's on the other end of the T1. Pinging from inside the 3640 works fine to either the web or a pc at the other end of the t1.

Have a pix behind the router to firewall. It has one route - the 3640. Web works great, but not getting to the T1. Have enabled pings and can ping the web, but can't ping pc on T1.

How can I debug? Suggestions to look for?

Pertinent pieces of config below and full configs attached.

Pix:

ip address outside 6x.x.x.166 255.255.255.252

ip address inside 10.10.1.254 255.255.255.0

!

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 10.10.1.0 255.255.255.0 0 0

static (inside,outside) tcp 6x.x.x.166 ftp 10.10.1.5 ftp netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 6x.x.x.165 1

Router:

interface FastEthernet0/0

ip address 6x.x.x.165 255.255.255.252

duplex auto

speed auto

no cdp enable

!

interface Ethernet2/0

no ip address

half-duplex

pppoe enable

pppoe-client dial-pool-number 1

!

interface Serial2/0

description T1

ip address 172.18.0.1 255.255.255.252

!

interface Dialer1

mtu 1492

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

no cdp enable

ppp authentication chap callin

ppp chap hostname s****@********.net

ppp chap password 0 *******

!

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 10.0.0.0 255.255.255.0 Serial2/0

ip route 10.1.1.0 255.255.255.0 Serial2/0

1 Accepted Solution

Accepted Solutions

Edison Ortiz
Hall of Fame
Hall of Fame

When you ping from the 3640, you are sourcing from the serial interface T1 which I assume the remote network knows about because you get a successful reply.

When you ping from the PIX, you are sourcing from its outside interface 6x.x.x.166 and I'm sure the remote network does not have a route to that IP via the serial, does it?

__

Edison.

View solution in original post

1 Reply 1

Edison Ortiz
Hall of Fame
Hall of Fame

When you ping from the 3640, you are sourcing from the serial interface T1 which I assume the remote network knows about because you get a successful reply.

When you ping from the PIX, you are sourcing from its outside interface 6x.x.x.166 and I'm sure the remote network does not have a route to that IP via the serial, does it?

__

Edison.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: