Cisco Support Community

New Member

2 Routers to different locations

I have a network with a PIX and Router to an ISP. The default gateway on my network is the inside port on the PIX. I'd like to add a second router to my network that will be used to connect to a remote office. How do I direct traffic to that router? I assume, since the PIX is the default gateway, that I need to configure the PIX to redirect traffic to the second router. Is that correct? What commands should I use?

Thanks

9 REPLIES
New Member

Re: 2 Routers to different locations

Hi Doug,

I'm not too familiar with PIX, but I do have a similar setup with Cisco Routers and a Checkpoint firewall.

I have four interfaces on my firewall, one external and three "internal". My external interface is connected to my Cisco border router going out to my ISP's.

I have another Cisco 2501 router going to a remote office using ISDN. This is connected to one of my "internal" interfaces. The "internal" interface of the firewall is configured with an IP address of, say, 10.0.0.1 with /24. The 2501 has an IP in that range, say 10.0.0.2.

The firewall has a GUI client where I can put in a static route of that IP block 10.0.0.0/24 routing to the interface of the 2501 (10.0.0.2).

Hope that helps.

Kawin

New Member

Re: 2 Routers to different locations

You can create a static entry for the remote network on your first router, using this configuration mode command:

ip route 10.2.0.0 255.255.0.0 10.1.0.2

where

10.2.0.0 is the remote office network address

255.255.0.0 is the remote office address mask

10.1.0.2 is the IP address of the LAN port of your second router

You have to configure the second router also: one static entry for the remote network, another for the default route.

Rafal

New Member

Re: 2 Routers to different locations

Hi Rafal,

The problem I'm having is that the PIX does NAT and so does Router1. So Router1 doesn't know about Router2. The PIX and Router2 are on 192.168.1.z and the PIX translates to 10.1.0.z then Router1 translates to real-world IP.

Can the PIX re-direct traffic back to the 192.168.1.z network?

Thanks.

Cisco Employee

Re: 2 Routers to different locations

No, the PIX can't reroute traffic back out the same interface.

Where do you want to place your 2nd router?

Is it:

|
|-R1 ---- pix ---- R2 ---- ISP
|

or

|      |--R1
|-pix -|
|      |--R2

For the first case, you need to take the IP address of the PIX inside interface and configure it on the router. You then need another IP segment for the connection router1 - pix.

New Member

Re: 2 Routers to different locations

My current configuration is:

|-pix---R1---ISP
|---R2---RemoteSite

I don't own R2 so I do not have the ability to replace or repair it quickly so I did not want to include it in the path to the internet. R1-pix-R2

If R2 dies on me, I don't want to lose my internet connection. How do I get traffic to go to R2?

Thanks,

Doug

Silver

Re: 2 Routers to different locations

The PIX Firewall does not send ICMP redirect messages that would redirect PC traffic bound for the remote site to R2. If you don't own and manage R2, it could be considered a security threat. Therefore your solution might be to connect R2 to a separate interface on your PIX and configure the appropriate conduits for remote site traffic to enter the network. The PIX would then be able to remain the default gateway on your network and direct traffic to the remote site.

Regards,

Brad

Cisco Employee

Re: 2 Routers to different locations

I agree with Brad.

Attach R2 to a 3rd interface of the PIX.

This is the most secure solution.
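
The design recommended in the two replies above, as an added example that is not part of any post in this thread: a toy Python model (not PIX code) of a firewall that never forwards a packet back out the interface it arrived on and needs an explicit permit for traffic entering a higher-security interface. Assumptions: the interface name "remote", its security level 50, the 192.168.2.0/24 segment and all host addresses are constructed; 10.2.0.0/16 is the sample remote network from an earlier reply; NAT is left out.

```python
import ipaddress

REMOTE_NET = "10.2.0.0/16"   # sample remote-office network from the thread

class Firewall:
    def __init__(self, levels):
        self.levels = levels   # interface name -> security level
        self.routes = []       # (network, egress interface, next hop)
        self.conduits = set()  # (src network, dst network) permitted low -> high

    def add_route(self, iface, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), iface, next_hop))

    def permit(self, src_prefix, dst_prefix):
        self.conduits.add((ipaddress.ip_network(src_prefix),
                           ipaddress.ip_network(dst_prefix)))

    def forward(self, ingress, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return ("drop", "no route")
        # Longest-prefix match picks the egress interface and next hop.
        _, egress, hop = max(matches, key=lambda r: r[0].prefixlen)
        if egress == ingress:
            # The behaviour stated in the thread: no routing back out the same interface.
            return ("drop", "egress equals ingress")
        # Lower-security to higher-security traffic needs an explicit permit.
        if self.levels[ingress] < self.levels[egress] and not any(
                src in s and dst in d for s, d in self.conduits):
            return ("drop", "no conduit")
        return ("forward", egress, hop)

def build(r2_iface, r2_ip):
    """Firewall with R2 reachable through the named interface (constructed addresses)."""
    fw = Firewall({"inside": 100, "remote": 50, "outside": 0})
    fw.add_route("inside", "192.168.1.0/24", "connected")
    fw.add_route("outside", "0.0.0.0/0", "10.1.0.1")   # R1, towards the ISP
    fw.add_route(r2_iface, REMOTE_NET, r2_ip)
    return fw

if __name__ == "__main__":
    shared = build("inside", "192.168.1.2")   # R2 on the inside LAN
    split = build("remote", "192.168.2.2")    # R2 on a third interface
    print(shared.forward("inside", "192.168.1.10", "10.2.0.25"))
    print(split.forward("inside", "192.168.1.10", "10.2.0.25"))
    print(split.forward("remote", "10.2.0.25", "192.168.1.10"))
```

With R2 on its own interface, Internet-bound traffic still matches only the default route through R1, so losing R2 affects the remote-site path alone.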

New Member

Re: 2 Routers to different locations

I have a network with four routers on the LAN and I designated one of them as the "boss" router. It has a default route to the inside port of the PIX. Everything else gets static routed. The "boss" router is not the one that connects to the internet behind the PIX. It's the one that connects my private network together. Hope this helps.

Barry

New Member

Re: 2 Routers to different locations

If possible, what I would do is take the inside address of the PIX (default gateway) and put that on the corporate router Ethernet interface. Then, in the corporate router, put a default route of 0.0.0.0 0.0.0.0 to the new PIX inside interface address. Any address the corporate router doesn't know about will be directed to the PIX.
