PIX515 - not letting remote subnet out?

stownsend
Level 2

I have 3 remote offices connected via Frame connection. I can ping the Ethernet interface on the HQ router from the remote locations, so I know I'm routing packets. The Ethernet interface can get out of the network through the PIX, though all of the other remote offices cannot.

It seems like I need to allow their subnet to have access to the outside???

Thanks,

Scott<-

3 Replies

yusuff
Cisco Employee

You need to have routes for all these subnets for PIX to route packets back.

HTH

R/Yusuf

So I added the following:

route inside 10.2.0.0 255.255.0.0 10.1.0.1 1

route inside 10.3.0.0 255.255.0.0 10.1.0.1 1

route inside 10.4.0.0 255.255.0.0 10.1.0.1 1

route inside 10.5.0.0 255.255.0.0 10.1.0.1 1

and from the PIX I can ping the remote Ethernet interface on the other routers, though from the other routers I cannot ping the PIX's internal interface. I can on the router that is in the same subnet as the PIX.

From the remote networks I can ping the ethernet interface on the router in the same subnet as the PIX, so I'm pretty sure the issues are on the PIX.

I'm still pretty new at all of this, so I'm sure it's something pretty simple.

Thanks for your help!

Scott<-

I've added routes for the other Subnets, though I'm not sure my NAT is letting them through.

Here is what I have so far:

access-list inside_outbound_nat0_acl permit ip any 10.0.0.0 255.0.0.0

global (outside) 1 192.168.126.21-192.168.126.59 netmask 255.255.255.0

global (outside) 1 192.168.126.20 netmask 255.255.255.0

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 10.0.0.0 255.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 192.168.126.2 1

! Remote Office 1 Subnet

route inside 10.2.0.0 255.255.0.0 10.1.0.1 1

! Remote Office 2 Subnet

route inside 10.3.0.0 255.255.0.0 10.1.0.1 1

! Remote Office 3 Subnet

route inside 10.4.0.0 255.255.0.0 10.1.0.1 1

! Remote Office 4 Subnet

route inside 10.5.0.0 255.255.0.0 10.1.0.1 1

! Serial Port Subnets

route inside 10.254.0.0 255.255.0.0 10.1.0.1 1

Any suggestions would be appreciated.

Thanks,

Scott<-
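
A way to sanity-check the configuration posted above, as an added example that is not part of any post in this thread: the Python sketch below parses the posted `access-list`, `nat (inside)` and `route inside` lines and reports, for an inside source address, whether the NAT-exemption ACL matches, which NAT ID applies, and which inside next hop carries return traffic. The function names and the test addresses 10.6.0.5 and 198.51.100.10 are constructed for illustration; connected interface networks are not in the posted lines, so only static routes are considered.

```python
import ipaddress

# Lines copied from the configuration posted in the thread above.
CONFIG = """\
access-list inside_outbound_nat0_acl permit ip any 10.0.0.0 255.0.0.0
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
route inside 10.2.0.0 255.255.0.0 10.1.0.1 1
route inside 10.3.0.0 255.255.0.0 10.1.0.1 1
route inside 10.4.0.0 255.255.0.0 10.1.0.1 1
route inside 10.5.0.0 255.255.0.0 10.1.0.1 1
route inside 10.254.0.0 255.255.0.0 10.1.0.1 1
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def take_net(tokens):
    """Consume 'any' or 'addr mask' from the front of an ACL token list."""
    if tokens[0] == "any":
        return net("0.0.0.0", "0.0.0.0"), tokens[1:]
    return net(tokens[0], tokens[1]), tokens[2:]

def parse(config):
    acls, exempt, nat, routes = {}, [], [], []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            src, rest = take_net(t[4:])
            dst, _ = take_net(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:3] == ["nat", "(inside)", "0"] and t[3:4] == ["access-list"]:
            exempt.append(t[4])          # ACL name used for NAT exemption
        elif t[:2] == ["nat", "(inside)"]:
            nat.append((t[2], net(t[3], t[4])))
        elif t[:2] == ["route", "inside"]:
            routes.append((net(t[2], t[3]), t[4]))
    return acls, exempt, nat, routes

def check(config, src, dst):
    """Report how the parsed lines treat an inside host talking to dst."""
    acls, exempt, nat, routes = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nat0 = any(s in a and d in b for n in exempt for a, b in acls.get(n, []))
    nat_id = None if nat0 else next((i for i, n in nat if s in n), None)
    hop = next((h for n, h in routes if s in n), None)
    return {"nat_exempt": nat0, "nat_id": nat_id, "return_next_hop": hop}
```

A result with a `nat_id` but no `return_next_hop` is the case the first reply describes: the source would be translated, but the posted lines give the PIX no inside route for sending replies back to it.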