Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
5
Replies

Remote sites not able to route to Internet through main sites gateway

admin_2
Level 3
Level 3

‎10-03-2003 05:19 AM - edited ‎03-02-2019 10:46 AM

Can anyone help me with the following problem. I have a client who has 4 remote sites connected via Frame Relay to the main site. They need to be able to browse the Internet from the remote sites by routing out through the main sites PIX as this is the only direct connection to the Internet.

Right now I can ping the PIX from the remote sites and if I add a route to the remote networks on the PIX I can ping back to the remote sites. If I try and do a traceroute from a remote site to an Internet address I can get as far as the first interface of the main sites router then timeout. I have tried making the PIX the default route for all traffic on this router and then defining routes to the remote sites but cannot seem to route remote sites all the way through. They can access a Citrix server at the main site though and we can ping every network from any network.

All help greatly appreciated.

Thanks.

Labels:
0 Helpful
5 Replies 5

deilert
Level 6
Level 6

‎10-03-2003 05:30 AM

DO you have a default route on the remote sites that go to the router that is connected to the Pix ?

ip route 0.0.0.0 0.0.0.0 x.x.x.x (ipaddressofrouterconnectedtopix)

Also on the router that is connected to the Pix you will need a default route pointing to the Pix

0 Helpful

rjackson
Level 5
Level 5
In response to deilert

‎10-03-2003 05:50 AM

Usually I say start troubleshooting with routing but it sounds like you have that covered.

In this case you have not mentioned the firewall functions of the pix. Is the pix configured to allow the inside addresses of the remote networks out to the internet? Are they in the access list for the nat pool?

0 Helpful

thisisshanky
Level 11
Level 11

‎10-03-2003 08:01 AM

Are you able to get out to the internet, from the main site ?

The PIX should be configured with a NAT and GLOBAL command to allow inside traffic to get outside. A public NAT pool should be configured, or you can use PAT by overloading with the public ip address assigned to the outside interface.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

jcleary
Level 1
Level 1
In response to thisisshanky

‎10-06-2003 07:33 AM

make sure that on the PIX you have the statements

Nat (inside)1 ipaddressofremotesites

global (outside)1 publicipaddress

-Joe

Can you paste the PIX configs?

0 Helpful

ocwa
Level 1
Level 1

‎03-09-2004 12:39 PM

I have the same problem, I have cisco 4500 default route is PIX 515 and from pc connot traceroute internet IP addresses. Request timeout on 4500

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents