Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routing on PIX525 ?

Hello.

Routing truble on PIX ??

inside PC-10.100.4.111 can't connected to remote sites PC-10.100.110.111 etc..

the pix are default gateway on PC.

It is some way to do this ?

I have one PIX525 Version 7.2(2)

two VPN3005 Version 4.7.2.L

one WS-C4006 Version 12.1(20)EW

I have a main site connected to internett with a WS-C4006 router

passing traffic to PIX and VPN3005 with there global IP addresse.

The remote site's are connected to VPN3005-1

14 remote site IP 10.100.110.0/24 10.100.120.0/24 etc... (routers C1800..)

--- Confiuration: -------------------------

PIX525

outside = Global-IP.254

inside = 10.100.4.250/24

route outside 0.0.0.0 0.0.0.0 Global-IP.1 1

route inside 10.100.110.0 255.255.255.0 10.100.4.251 1 (?? Not working)

VPN3005-1 (this is use for remote site office)

Public = Global-IP.251

Private = 10.100.4.251

VPN3005-2 (this is use for vpn Client only)

Public = Global-IP-252

Private = 10.100.4.252

-------------------------------------------

Thanks for your help

Tor

2 REPLIES
Gold

Re: Routing on PIX525 ?

you need to enable hairpinning on the PIX. by default the pix can't reroute traffic out the same interface on which it was received.

try adding the command:

same-security-traffic permit intra-interface

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s1_72.html#wp1289167

New Member

Re: Routing on PIX525 ?

It's not help ?

The are none router inside

the PIX are default gateway

I------------------I

I Internal Network I --> 10.100.4.1 {Inside} PIX 128.39.184.254 {Outside} --> ISP Router

I Internal Network I --> 10.100.4.251 (Private)VPN3005-1 128.39.189.9 (Public) --> ISP Router (Connect to remote office)

I Internal Network I --> 10.100.4.252 (Private)VPN3005-2 128.39.189.129 (Public) --> ISP Router (vpn klients)

I------------------I

It is any way to do this.

Regars,

-Tor

125
Views
0
Helpful
2
Replies