I have a frame that is attached to my 2621 router. The 2621 feeds into a switch and the switch is connected to my Pix 515. Finally the PIX is connected to my LAN switches.
We have been VPNing into our office to use their ERP system that is hosted in the Taiwan office. We're in the process of setting up a point to point. The Taiwan office has sent me a Netscreen firewall that is set up with the following addresses (untrusted - 68.x.x.105) and (trusted 192.168.10.247).
My Pix's address is 192.168.10.1 which I've been using for my gateway on all my clients. I have hooked the Netscreen's untrusted side to the switch that is connected to the router, and the trusted side to my LAN switch.
I added the statement "route inside 10.0.0.0 255.0.0.0 192.168.10.247 1" to the Pix's configuration.
I need to pass 10.0.0.0 255.0.0.0 traffic through the Pix. The specific address is 10.27.1.2. I can ping the Netscreen (192.168.10.247) from the PIX internally, but not from any of the clients on the network.
I am using the Netscreen temporarily so my clients do not have to connect to the Taiwan VPN before using the ERP application. I have temporarily fixed the situation by setting static IPs on the clients and using 192.168.10.247 as their gateway.
What statements do I need to add so 10.0.0.0 network routes locally?
You have the PIX and Netscreen installed in parallel? Each one has an external interface, and each one has an internal face, right?
And on the PIX (which is normally the default gateway on your local PCs) you have the "route inside 10.0.0.0 255.0.0.0 192.168.10.247" statement?
In this setup, you can ping the 10.27.1.2 address ONLY from the PIX, not from clients (when clients are configured with the PIX as their default gateway)?
By default the PIX cannot reroute traffic out the same interface at which it arrives. In fact, until 7.0, this wasn't even an option. If you are running any 7.x code on your PIX, you can use the following command: same-security-traffic permit intra-interface
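The hairpin condition discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from Cisco: it parses a constructed PIX-style config and reports whether a client flow would have to leave the interface it arrived on. Only 192.168.10.1, 192.168.10.247 and the "route inside" line come from the thread; the /24 mask, the outside addressing and the client address are assumptions.

```python
import ipaddress

# Constructed sample: only the "route inside" line and 192.168.10.1 come from
# the thread; the /24 mask and the outside addressing are assumptions.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.0.0.0 255.0.0.0 192.168.10.247 1
"""

def parse(config):
    """Return (interface networks, static routes, intra-interface flag)."""
    nets, routes, hairpin_ok = {}, [], False
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "address"] and len(f) >= 5:
            nets[f[2]] = ipaddress.ip_interface(f"{f[3]}/{f[4]}").network
        elif f[:1] == ["route"] and len(f) >= 5:
            routes.append((f[1], ipaddress.ip_network(f"{f[2]}/{f[3]}"), f[4]))
        elif f == ["same-security-traffic", "permit", "intra-interface"]:
            hairpin_ok = True  # per the reply above, only available on 7.x code
    return nets, routes, hairpin_ok

def check_flow(config, src, dst):
    """Classify a flow from src to dst that uses the firewall as its gateway."""
    nets, routes, hairpin_ok = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Ingress interface is the one whose connected network holds the source.
    ingress = next((n for n, net in nets.items() if src in net), None)
    # Connected networks count as routes; the longest matching prefix wins.
    cands = [(net.prefixlen, n, None) for n, net in nets.items() if dst in net]
    cands += [(net.prefixlen, n, gw) for n, net, gw in routes if dst in net]
    if ingress is None or not cands:
        return "no-route"
    _, egress, gw = max(cands, key=lambda c: c[0])
    if egress != ingress:
        return f"forward {ingress}->{egress}"
    # Same interface in and out: the case the PIX refuses by default.
    verdict = "permitted" if hairpin_ok else "dropped"
    return f"hairpin via {gw} ({verdict})"

if __name__ == "__main__":
    print(check_flow(SAMPLE_CONFIG, "192.168.10.50", "10.27.1.2"))
```

The check covers transit traffic from clients only, which is why it flags the 10.27.1.2 flow even though a ping sourced from the PIX itself reaches the Netscreen.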