Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
0
Helpful
2
Replies

Problem of routing with a PIX515

n.strina
Level 1
Level 1

‎01-09-2003 07:22 AM - edited ‎03-09-2019 01:37 AM

Information :

Our LAN 192.168.168.0/24 with a PIX515 as gateway (192.168.168.254)

Other gateway in our LAN (192.168.168.201) with tunnels with the Intranet of one of our branch office (Branch office LAN : 172.16.0.0/24).

Description of the problem :

We have a PIX515 which is the gateway of our private LAN. I installed an other gateway in our LAN just used to access remote LAN of some of our branch offices in order to decrease the charge of our PIX515.

My problem is that the PC in my LAN should have the other gateway as default gateway when they want to access the remote Intranet of our Branch office. if I do this, it works (the tunnel connection)

However I need to keep the PIX 515 as default gateway, that's why I added a static route in the inside interface of our PIX which says that the 172.16.0.0/24 is accessible via the other gateway (192.168.168.201).

When I am connected on the PIX, I can without any problem access to these remote LAN but when I am on a PC from our LAN I cannot, even if my default gateway is the PIX515.

For example, when I am on the PIX and if I make a "ping 172.16.0.1", it works

When I am on a PC (192.168.168.199 for example) which default gateway is the PIX (192.168.168.254) and which public default route is "0.0.0.0 mask 0.0.0.0 via 192.168.168.254", it fails !

I make a "tracert 172.16.0.1" command to see where the packets are lost and that's the PIX which doesn't forward the packets to the other Gateway !

What's happens? why the PIX515 doesn't forward the packets as a single router ?

Please help me, it's very important ...

Labels:
0 Helpful
2 Replies 2

p.bender
Level 1
Level 1

‎01-09-2003 08:12 AM

You could'nt do this. A packet received By the PIX on one interface coul'nt be resend through the same interface . Actually, for security raeson, the pix drops the packets.

You have to use a router to make this staff.

I hope this will help you.

0 Helpful

bs0000554
Level 1
Level 1

‎01-09-2003 10:23 AM

The PIX (for security reasons) does not do icmp redirects and also cannot

inbound and outboud packet in the same interface.

(You cannot have translations slots for this)

SOLUTION: make you router the default gateway

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents