Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
4
Helpful
2
Replies

LAN to LAN packets dropped at PIX.

jpeter
Level 1
Level 1

‎10-10-2002 07:29 PM - edited ‎03-02-2019 01:59 AM

We have a WAN with a PIX and (2) 2620 routers in the following config...

Internet<--PIX<----LAN1----Cisco2620<----HDLC Serial-----Cisco2620<---LAN2

Currently hosts on both LAN1 and LAN2 are able to talk to one another after adding entries to their respective routing tables. Packets from printers and videocon equipment reach the PIX (default gateway) are dropped. As a result, if a host on LAN1 tries to communicate to a host on LAN2 (without any route table modifications on the hosts) the packets are dropped.

The PIX is configured with two static net routes for LAN1 and LAN2. The two Cisco routers are using EIGRP.

This almost sounds like a test question, but what has to be done so a host on LAN1 and communicate with a host on LAN2, without adding an entry to the hosts' routing tables? Should I enable RIP on the PIX and two routers? Do we need an additional router bewteen the PIX and LAN1 enabled with EIGRP to redirect packets back to LAN2?

Once again the PIX has static routes to LAN1 and LAN2, however, the syslogs show packets destined for LAN2 being dropped at the inside PIX interface.

Any input would be greatly appreciated.

Labels:
0 Helpful
2 Replies 2

thisisshanky
Level 11
Level 11

‎10-10-2002 09:05 PM

Hi,

On the Pcs and other devices in lan 1, set the default gateway as lan interface of Router 1 (cisco 2620). On the Cisco 2620, set a default route to PIX internal interface. So all packets going to internet from LAN1, will first go to Cisco 2620 and then go to the PIX and go out from there. Packets from LAN 1 to LAN 2 will first go to Cisco 2620 (Router 1) and with the EIGRP route to LAN 2 will go to LAN 2.

Now one more thing, to be noted is that, Router 1 knows, that for all routes to internet the best next hop is PIX inside interface. So , when packets coming from devices inside LAN1 going towards internet , reaches Cisco2620, it will send a icmp redirect message to that device, telling that the best next-hop for that particular route (route in internet) is PIX. So for packets going to internet, PC would ultimately use the PIX as next hop. All packets going to LAN 2 would go through the Cisco 2620.

Please note, you will have to change the default gateway to Cisco 2620 ethernet IP address.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

jpeter
Level 1
Level 1
In response to thisisshanky

‎10-11-2002 12:20 PM

I initially did that, but just wanted to check in case I was missing something obvious. I guess I had assumed the static routes on the PIX would take care of it.

Thanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents