Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
259
Views
0
Helpful
1
Replies

Routing across multiple LANs & FWs

cortafuego
Level 1
Level 1

‎04-22-2007 11:04 AM - edited ‎03-05-2019 03:36 PM

I have a remote office with a WLAN and a wired LAN and a Cisco PIX 506 between them. The link and routing from the remote office LAN to the head office LAN is ISP managed with no firewall between the two locations. At head office there is Cisco PIX 515 separating the LAN from DMZ and Internet.

I am trying to set up routing and access rules for a laptop on the remote office WLAN to access a web server in the head office DMZ. I can get from the remote WLAN to head office LAN, but not DMZ (or I am getting there, but the web server response is not getting back). I can get from my computer on head office LAN back to remote office WLAN. I believe this tells me that the ISP routers are okay because they are routing between both LANs. I am struggling with the static route and rules needed on the head office FW to allow the DMZ web server to respond back to the remote WLAN.

I am new to PIX and have been learning in the PDM but have not resolved my scenerio to work and now decided I need to learn the command line so I know what commands are being initiated from actions in the GUI. I believe I know what I need in theory, but think that I am failing with my settings and have been going in circles with trial and error lately.

What I am looking for is a recommendation on the static routes, access rules and NATs you think are needed on both firewalls. I would really appreciate any help as I have been at this for several days and am just lacking the experience.

Remote WLAN: 172.17.4.0

Remote LAN: 172.20.4.0

Remote FW Outside: 172.17.4.60

Remote FW Inside: 172.20.4.70

Remote FW Inside Gateway: 172.20.4.100

ISP Managed Router on Remote LAN: 172.20.4.100

Laptop on WLAN: 172.17.4.80

Laptop GW: 172.17.4.60 (Firewall Outside)

NAT for Web Server in DMZ: 172.17.4.7

----------------------------

Head office LAN: 172.20.8.0

Head office DMZ: 192.168.12.0

HO FW Inside: 172.20.8.65

HO DMZ: 192.168.12.10

HO FW Inside Gateway: 172.20.8.100

ISP Managed Router on Head office LAN: 172.20.8.100

Web Server in DMZ: 192.168.12.7

Web Server GW: 192.168.12.10 (Firewall DMZ)

Labels:
0 Helpful
1 Reply 1

pstebner1
Level 1
Level 1

‎04-23-2007 06:44 AM

It sounds like your ISP connection is indeed ok. Can you tell us if pcs in your HO can reach the DMZ? A posting of your current config from the 515 would be helpful as well.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card