LAN Clients not able to access internet in Bridging mode

Anand Narayana · ‎07-13-2007

Hi,

Attached is my Network diagram where i hav placed the web content server, which is acting in bridging mode behind the firewall. i hav added two subnet ip address in that bridge, now the clientz in my LAN can able to speak each other ie. 192.168.1.1 & 172.16.1.1, but only 192.168.1.1 can access internet, the other 172.16.1.1 cannot access internet even thought i hav put the ip address in the alias for passing the other subnet traffics in the bridging mode. any suggestions?

ofcourse each clientz can speak each other by pointing the PIX ip address as a gateway.

gmarogi · ‎07-20-2007

This sample configuration demonstrates how to configure a Cisco Secure PIX Firewall to separate a corporate network from the Internet.

http://www.cisco.com/warp/public/110/single-net.shtml

mhellman · ‎07-20-2007

Are the clients using the "web content server" as a forward proxy (transparent or otherwise)? I am confused at what the "web content server" is actually supposed to be.

In any event, you need to think about it from the perspective of the client. I will assume the "web content server" is either not a proxy or is a transparent proxy...so the client has no knowledge of it. The client attempts to connect to www.yahoo.com via the browser. First the client resolves the www.yahoo.com hostname to 69.147.114.210. Then the client attempts to connect that IP on TCP port 80. Since that IP is not local, it will send the packets to its default gateway. FWIW, the exact same thing probably happens when 192.168.1.1 tries to connect to 172.16.1.1. If 192.168.1.1 is not on the same network, and doesn't have a specific route to 172.16.1.1...it will forward the packet to its default gateway.