PIX 525 routing ?

dopenfield
Level 1

I've inherited a situation....

Class B IP range subnetted to all Class C networks.

PIX to be inserted behind the router to public internet , outside interface connected to the router via crossover cable with one Class C network assigned to that link.

Inside interface connected to rest of Class B range via 65xx switch.

Even with ACLs to permit ANY IP traffic, nothing is passed. Can ping from the PIX to ISP and back into the Class B range. Tried default gateway to the router's interface via PIX outside interface and static routes for both directions (inside and outside), no joy.

Is this a routing issue? Can the PIX handle being inserted in this point of the network?

Still running RIP V1 internally (reason for the Class Cs), Internet router talks BGP to ISP.

1 Reply

shannong
Level 4

Your topology design is not the problem and is the recommended approach. Troubleshoot each step in order and resolve the problems associated with it.

This should flush out any routing issues.

Question 1. Can internal clients ping the inside interface of the pix?

Likely Problem = You have an internal routing problem.

a. Make sure internal router has a default gateway pointing to the pix.

b. Make sure the Pix has a static or dynamic route for the Class B behind it.

Question 2. Can internal clients ping the inside interface of the external router? (make sure you have conduit permit icmp any any)

Likely Problems = NAT or external routing problem

a. You don't have NAT set up correctly. Use [logging buffered 7] and [show log]

b. Your external router needs a static route for the Class B addresses that live behind it.

Question 3. Can clients ping the interface address of the ISP's router (i.e. the external router's default gateway)? (assuming the external router can)

Likely Problems = External routing problems

a. The external router doesn't have a default route.

b. The external router is no longer advertising the routes to the ISP so they don't know how to send the traffic back. You can check to make sure that it is with a [show ip bgp neighbor x.x.x.x advertised-routes]
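The three checks above, written out as the configuration they imply on the PIX and on the external router. This is an added illustration, not configuration from the poster or the reply author; every address is a constructed stand-in (172.16.0.0/16 for the inherited Class B, 172.16.254.0/24 for the crossover link, 172.16.1.0/24 for the inside segment), and the assumption that the Class B is publicly routed (so no translation is needed) follows from the BGP statement in the question.

```cisco
! ===== PIX (6.x syntax) =====
! Interfaces: outside sits on the Class C used for the crossover link,
! inside sits on one Class C of the Class B behind the 65xx.
ip address outside 172.16.254.2 255.255.255.0
ip address inside  172.16.1.2   255.255.255.0

! Question 1 / item b: the PIX must know the rest of the Class B is
! behind the inside router (65xx MSFC at 172.16.1.1, assumed).
route inside  172.16.0.0 255.255.0.0 172.16.1.1 1
! Default route toward the external router's crossover-link address.
route outside 0.0.0.0 0.0.0.0 172.16.254.1 1

! Question 2 / item a: NAT must be defined for anything leaving inside.
! The Class B is advertised to the ISP, so identity (nat 0) is enough;
! without some nat/global statement the PIX silently drops the traffic.
nat (inside) 0 172.16.0.0 255.255.0.0

! Question 2: let the ping tests through while troubleshooting.
conduit permit icmp any any

! Question 2 / item a: see why packets are dropped.
logging on
logging buffered 7
! then:  show logging

! ===== External (BGP) router =====
! Question 2 / item b: return traffic for the Class B must be sent
! to the PIX outside address, not to the old direct path.
ip route 172.16.0.0 255.255.0.0 172.16.254.2
! Question 3 / item a: default route toward the ISP (address assumed).
ip route 0.0.0.0 0.0.0.0 192.0.2.1
! Question 3 / item b: confirm the Class B is still advertised upstream.
! show ip bgp neighbor 192.0.2.1 advertised-routes
```

Work the checks in order: if the 172.16.0.0/16 route is missing from the router, the ISP side of the test passes (the PIX can ping out) while every inside host fails, which matches the symptom in the question.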
