Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
249
Views
5
Helpful
3
Replies

About route

Go to solution
albertobrivio42
Level 1
Level 1

‎01-09-2006 09:10 AM - edited ‎03-09-2019 01:34 PM

Dear ALL,

I need your help about two questions:

I cannot ping (or getting other services) between two machines both connected to the inside zone.

One of them, is configured with public IP and a static is applied like this:

static (inside, outside) 213.212.a.b 213.212.a.b netmask 255.255.255.255

The other one is based on nat , 192.168.1.0 to the inside zone mapped through global / nat

Both machines are reachable from outside , but if you get access to one of them, then you'll not able to ping the other one or get a web page for example.

The last question is, if I add more than one subnet to the inside, do I have to insert manually specific route like this:

route outside subnet's address netmask outside's address

Regards

Alberto Brivio

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mheusinger
Level 10
Level 10
In response to albertobrivio42

‎01-09-2006 10:00 AM

Hello Alberto,

the first thing a host does when setting up IP communication is to check: Is the destination address local or do I have to send it to the default gateway?

For that purpose the host checks the network mask configured, which tells which address can be reached by issuing an ARP and which should straight forward be sent to the default gateway, because it "is not local".

In your case none of the two hosts assumes the other is local, so both of them send the packets to the PIX resulting in no connectivity ... see the previous post.

Did this help? Then please rate this post

Martin

View solution in original post

0 Helpful
3 Replies 3

Go to solution
mheusinger
Level 10
Level 10

‎01-09-2006 09:30 AM

Hello,

the PIX will not forward a packet out of an interface the packet was received. It simply doesn´t support this, but it is exactly what you are asking for.

In order to get both devices to communicate place them either in the same subnet or engage a router with f.e.

interface ethernet0

ip address 213.212.a.r 255.255.255.248

ip address 192.168.1.123 255.255.255.0 secondary

which will route between the two networks.

Did this help?

Martin

Go to solution
albertobrivio42
Level 1
Level 1
In response to mheusinger

‎01-09-2006 09:45 AM

Hi Martin,

thanks for your explanation.

This could be a good solution, but I wonder why those machines don't "talk" about them since they are on the same switch, so they could make it addressing each other with MAC address ?!

Regards

Alberto

0 Helpful

Go to solution
mheusinger
Level 10
Level 10
In response to albertobrivio42

‎01-09-2006 10:00 AM

Hello Alberto,

the first thing a host does when setting up IP communication is to check: Is the destination address local or do I have to send it to the default gateway?

For that purpose the host checks the network mask configured, which tells which address can be reached by issuing an ARP and which should straight forward be sent to the default gateway, because it "is not local".

In your case none of the two hosts assumes the other is local, so both of them send the packets to the PIX resulting in no connectivity ... see the previous post.

Did this help? Then please rate this post

Martin

0 Helpful
Customers Also Viewed These Support Documents