Intervlan intergrated with PIX and router

ddicky
Level 1

I have a problem. I have an L3 WS-C3550-SMI switch doing inter-VLAN routing between two segments, 192.168.253.0/24 and 192.168.2.0/24. Both segments are able to communicate with each other from their respective workstations.

My inside PIX IP is 192.168.253.10 and all my workstations are pointing to their respective VLAN IP addresses. The problem is that my workstations are unable to get to the internet, since my gateway is not pointing to the PIX inside interface.

How should I configure this? Should I do any routing on the PIX, the L3 switch or the router?

11 Replies

rwiesmann
Level 4

Hi

On the L3 switch you need to configure a default route which points to the firewall, like:

ip route 0.0.0.0 0.0.0.0 192.168.253.10

For the firewall you also need to route your internal networks. Because the 192.168.253.0 network is directly connected you do not need to route this network. But for the 192.168.2.0/24 network you have to install a route pointing to the L3 switch.

Hope that helps

Roger

First of all, thanks for your response. How should I configure the route inside command on the PIX, based on my network?

Hi

It should look like:

route inside 192.168.2.0 255.255.255.0 192.168.253.X

X means the IP address of the VLAN interface on the 3550 where you have the inter-VLAN routing.

Hope that helps

Roger

Thanks again. The workstations in VLAN 1 don't have any problem, but those in VLAN 2 are unable to access the internet.

My gateway for workstations in VLAN 2 is pointing to 192.168.2.x (the VLAN 2 IP).

Any more advice?

Hi

Is the following assumption correct?

VLAN 1 ==> 192.168.253.0/24, gateway: 192.168.253.x on the 3550

VLAN 2 ==> 192.168.2.0/24, gateway: 192.168.2.x on the 3550

VLAN 1 is also the one between the firewall and the router?

If it is like this, you only need a default route on the Cisco 3550 pointing to the firewall and the two routes on the firewall pointing to the VLAN 1 gateway address. With this the routing is for sure in place.

Do you already have any restrictions on the firewall in place? Or is the NAT on the firewall not correct?

Regards

Roger

Thanks again. First of all, your assumption is correct.

I don't have any restriction on the firewall. My router is doing NAT, since I'm using an ISDN DHCP connection. The connection from the router back to the firewall uses 10.10.10.0/24, which is outside of the network, and I don't think it is much related, since I was able to access the internet through my VLAN 1.

Any more advice, as I am already at a dead end?

Hi

Hard to tell from here, but if you have the routing in place as I posted before, that should be OK.

The only thing that I can now think of is that the NAT only translates the addresses out of VLAN 1.

So check the NAT to see whether you have an ACL in place which translates only addresses out of VLAN 1.

Roger

Well, anyway, thanks for your help and for so much advice.

BTW, my router is doing the NAT. This is my router config.

Current configuration : 1500 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1721
!
enable password 7 14161008
!
memory-size iomem 25
ip subnet-zero
!
!
no ip domain lookup
!
!
isdn switch-type basic-net3
!
!
!
interface BRI0
 description connected to Internet
 no ip address
 ip nat outside
 encapsulation ppp
 dialer rotary-group 1
 dialer-group 1
 isdn switch-type basic-net3
 no cdp enable
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 10.10.10.2 255.255.255.0
 ip nat inside
 speed auto
!
interface Dialer1
 description connected to Internet
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer in-band
 dialer string xxxxx
 dialer hold-queue 10


 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxx
 ppp chap password 7 xxxxxx
 ppp pap sent-username xxxx password xxxxx
!
router rip
 version 2
 passive-interface Dialer1
 network 10.0.0.0
 no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.253.0 255.255.255.0 10.10.10.1
no ip http server
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit any
dialer-list 1 protocol ip permit
no cdp run


snmp-server community public RO
snmp-server enable traps tty
!
line con 0
 exec-timeout 0 0
 password 7 11081B06
 login
line aux 0
line vty 0 4
 password 7 12180714
 login
!
end

Hi

Thanks for the config.

As I see, you got the 192.168.253.0/24 network routed towards 10.0.0.1; now just add the 192.168.2.0/24 network as well.

I thought from the very early postings that you had implemented the NAT on the firewall.

So I'm sure that after you add the route it will work.

Regards

Roger
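As an added illustration (not code from the thread), the following Python model walks the three routing tables in this topology and shows why VLAN 1 hosts got their replies while VLAN 2 hosts did not until the extra route was added on the 1721: the return packet for 192.168.2.x matched only the router's default route and went back out Dialer1. Assumed values not stated in the thread: 3550 VLAN gateways 192.168.253.1 and 192.168.2.1, PIX outside address 10.10.10.1, and "Dialer1" standing for the ISDN uplink.

```python
import ipaddress

# Constructed route lines copied from the thread's router config; AFTER adds the route Roger
# recommended. Assumed (not in the thread): 3550 gateways .253.1/.2.1, PIX outside 10.10.10.1.
ROUTER_BEFORE = "ip route 0.0.0.0 0.0.0.0 Dialer1\nip route 192.168.253.0 255.255.255.0 10.10.10.1\n"
ROUTER_AFTER = ROUTER_BEFORE + "ip route 192.168.2.0 255.255.255.0 10.10.10.1\n"

def parse_ios_routes(config_text):
    """Turn 'ip route NET MASK NEXTHOP' lines into (network, next_hop) pairs."""
    routes = []
    for line in config_text.splitlines():
        p = line.split()
        if len(p) == 5 and p[:2] == ["ip", "route"]:
            routes.append((ipaddress.ip_network(f"{p[2]}/{p[3]}"), p[4]))
    return routes

def dev(ifaces, routes):
    """A device is its interface addresses plus a static routing table."""
    return {"ifaces": [ipaddress.ip_interface(i) for i in ifaces], "routes": routes}

def lookup(device, dst):
    """Directly connected networks win; otherwise the longest-prefix static route."""
    if any(dst in i.network for i in device["ifaces"]):
        return "connected"
    hits = [r for r in device["routes"] if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def trace(devices, start, dst, max_hops=8):
    """Follow next hops from `start` towards `dst`; the last element is the outcome."""
    dst, path, cur = ipaddress.ip_address(dst), [start], start
    for _ in range(max_hops):
        nh = lookup(devices[cur], dst)
        if nh in (None, "connected"):
            return path + ["DELIVERED" if nh else "DROPPED"]
        if nh == "Dialer1":  # out the ISDN link: right for egress, a black hole for replies
            return path + ["OUT_DIALER1"]
        # resolve the next-hop address to the device that owns it
        cur = next(n for n, d in devices.items() if any(str(i.ip) == nh for i in d["ifaces"]))
        path.append(cur)
    return path + ["LOOP"]

def build_devices(router_config):
    n = ipaddress.ip_network
    return {
        "3550": dev(["192.168.253.1/24", "192.168.2.1/24"], [(n("0.0.0.0/0"), "192.168.253.10")]),
        "pix": dev(["192.168.253.10/24", "10.10.10.1/24"],
                   [(n("192.168.2.0/24"), "192.168.253.1"), (n("0.0.0.0/0"), "10.10.10.2")]),
        "router": dev(["10.10.10.2/24"], parse_ios_routes(router_config)),
    }
```

Tracing `trace(build_devices(ROUTER_BEFORE), "router", "192.168.2.5")` ends in OUT_DIALER1, while the same call with ROUTER_AFTER ends in DELIVERED via the PIX and the 3550; egress from either VLAN succeeds in both cases, which is exactly the one-way symptom described in the thread.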

Hi buddy, millions of thanks, you're the man! I didn't notice the missing command either.

Looks like it is working now; glad that I could help you.

Regards

Roger