I have 6 interfaces in my PIX515 firewall. E0 is connected to the Internet through a router.
The E1 interface is assigned 10.16.10.1 with 255.255.0.0 and is connected to a switch. In the same trusted network there is a Domino mail server, whose address is 10.16.10.5 with 255.255.0.0.
The E1 interface is connected to the fastethernet interface of the router e0/0, whose address is 10.16.10.31 with 255.255.0.0.
The serial interface (whose IP address is 172.16.1.1 with 255.255.255.252) is connected to the remote site serial interface of a router (whose IP address is 172.16.1.2 with 255.255.255.252) over a leased line.
The fast ethernet interface of the remote router is attached to the switch, whose IP address is 10.81.10.1 with 255.255.0.0. There are some users in the 10.81.10.0 network.
Routing in PIX:
route (outside) 0.0.0.0 0.0.0.0 Internet net router serial interface.
route (outside) 10.81.0.0 255.255.0.0 via 10.16.10.31
Local router :
Ip route 10.81.0.0 255.255.0.0 via 172.16.1.2 255.255.255.252
Remote router :
IP route 10.16.0.0 255.255.0.0 via 172.16.1.1 255.255.255.252
Domino Mail server:
route is added to reach the 10.81.0.0 network.
The issue is that we are able to PING the Domino mail server from the 10.81.0.0 network only sometimes; most of the time we are not able to ping the Domino server. Locally from the router we are able to PING.
The router fastethernet port is attached to port 16 of the switch, the PIX firewall E1 interface is attached to the 17th port of the switch, and the Domino Mail server is connected to the 18th port. All these ports are members of VLAN 5.
I'm confused with your topology. You have a pix with an E0 interface (outside) that connects to a router which connects you to the internet.
You have an E1 interface which is connected to a trusted network on which you have a domino server and a router. Is this router a different router?
This router that connects to the trusted network - is this the one with the serial connection to your remote site?
What I'm trying to work out is the path taken from your remote site to the domino server. You have a route on the pix for the 10.81.0.0 network pointing to the outside.
Could you clarify the path?
As a side note, if you can ping sometimes but not others it could be a translation issue on the pix. If traffic from the remote site does come to the outside interface of the pix, do you have a static translation set up for the domino server?
Thanks. Yes, you are right, I have one router for the Internet which is connected to the E0 interface of the PIX.
There is another router whose fastethernet is connected to a switch with the IP 10.16.10.31/16. The E1 interface of the PIX is also connected to the same switch with the IP 10.16.10.1/16. Then there is a Domino Mail server whose IP is 10.16.10.5/16, which is also on the same switch. The router fastethernet, the PIX E1 interface and the Domino mail server are all members of VLAN 5.
Routing in the ROUTER:
1. To reach the 10.81.12.0/16 via 10.81.13.2/30 (which is the remote router's serial interface IP at the remote site; this is the third router)
Domino Mail Server.
To reach the 10.81.0.0/16 via PIX E 1 interface 10.16.10.1/16
Routing in the PIX:
To reach the 10.81.0.0/16 via 10.16.10.31/16 which is the local router's fastethernet interface.
Is it OK? I hope I gave you the needed inputs.
And you mentioned the translation set in the PIX. What is it, and how do I configure it? Please help me to resolve this issue.
With version 7.x the pix can route traffic back out of an interface it received it on. Be aware though that v7.x is significantly different in configuration than 6.x and if you are running a Pix 515E you might need a memory upgrade.
If you have a Pix 501 or 506E you cannot run v7.x on this.
If you need to log the traffic you could create an access-list on your router that allows traffic to and from your domino server and logs it and then have a "permit ip any any" for all the other traffic.
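The return path discussed in this thread can be traced with a small model. This is an added example, not part of the thread and not PIX configuration: it uses the addresses the poster gave, while the interface table, the function names and the `hairpin_allowed` switch (standing in for the 7.x behaviour mentioned in the reply above) are assumptions of the sketch.

```python
import ipaddress

# Addresses come from the thread. Interface naming and the hairpin switch
# are assumptions of this sketch, not PIX configuration syntax.
PIX_INTERFACES = {"E1": ipaddress.ip_interface("10.16.10.1/16")}
PIX_ROUTES = [(ipaddress.ip_network("10.81.0.0/16"),
               ipaddress.ip_address("10.16.10.31"))]
SERVER_ROUTES = [(ipaddress.ip_network("10.81.0.0/16"),
                  ipaddress.ip_address("10.16.10.1"))]


def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def interface_for(addr):
    """Name of the PIX interface whose connected subnet contains addr."""
    for name, iface in PIX_INTERFACES.items():
        if addr in iface.network:
            return name
    return None


def trace_reply(server_routes, dst, hairpin_allowed=False):
    """Follow the Domino server's reply towards a remote-site user."""
    gw = next_hop(server_routes, dst)
    if gw is None:
        return "no-route"
    if gw not in {i.ip for i in PIX_INTERFACES.values()}:
        return f"direct via {gw}"          # reply never touches the PIX
    ingress = interface_for(gw)             # PIX interface the reply arrives on
    pix_gw = next_hop(PIX_ROUTES, dst)
    if pix_gw is None:
        return "dropped: PIX has no route"
    egress = interface_for(pix_gw)          # interface the PIX would send it out of
    if egress == ingress and not hairpin_allowed:
        return f"dropped: PIX must send back out {ingress}"
    return f"forwarded by PIX via {pix_gw}"


if __name__ == "__main__":
    print(trace_reply(SERVER_ROUTES, "10.81.10.20"))
    print(trace_reply(SERVER_ROUTES, "10.81.10.20", hairpin_allowed=True))
```

With the routes as posted, the reply from 10.16.10.5 reaches the PIX on E1 and would have to leave on E1 again to reach 10.16.10.31, which is the case the last reply says only 7.x can handle.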