I'm using PIX 515. One of segment connected to this Pix is network 10.12.187.0/24. On this network is router Cisco 1841, which connect networks 10.12.188.0/26 and 10.12.187.0/24.
The problem is that host 10.12.187.x, which has default gateway Pix, cannot ping any host on 10.12.188.0/26. This works only if I setup route on host 10.12.187.1, that network 10.12.188.0 is behind the router.
But when this host has default gateway pix, it doesn't work.
On Pix is route 10.12.188.0 255.255.255.192 (router IP address)
I can only imagine that you have an ACL on the PIX that will block this - i guess that traffic will be processed by the ACL in and out and that if you are not allowing 10.12.187.x to 10.12.188.0/26 then the pix will block this..
Sounds like you are trying to hairpin traffic on the inside interface of the pix. You cannot do this in pix 6. What version are you running? Couldn't you just make the clients default gateway the router address?
"Hairpinning is the process by which traffic is sent back out the same interface on which it arrived. This feature was introduced in security appliance software version 7.0. For versions earlier than 7.2(1), it is required that at least one arm of the hairpinned traffic (inbound or outbound) be encrypted. From 7.2(1) and later, this requirement is no longer in place. Both the traffic inbound and the traffic outbound might be unencrypted when you use 7.2(1)."
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :