Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
839
Views
0
Helpful
1
Replies

trouble with routing using win2k multihomed server behind PIX

dlabbadia
Level 1
Level 1

‎06-26-2002 11:15 AM - edited ‎02-20-2020 10:07 PM

Dear All,

I have a situation that I believe my PIX needs to be configured for and I was looking for some help. Here's my situation.

A Win2K server set up as RRAS (Routing and Remote Access) to allow VPN clients into my network from the outside. The server has 4 NICs.

Nic1:172.16.10.1/24

used for cross over connection directly to PIX interface used for VPN clients.

Nic2:172.16.0.7/24

used to connect to 172.16.0.X subnet through an 11000 Content Switch

Nic3:172.16.1.7/24

used to connect to 172.16.1.X subnet through a 3500XL Switch

Nic4:172.16.2.7/24

used to connect to the 172.16.2.X subnet through a 4000 Catalyst Switch

each of the three subnets has its own default gateway out to a seperate interface on one of two PIXs. So I have one PIX with two interfaces (for subnet 1 and subnet2). And I have one PIX with two interfaces (for subnet3 and cross-over from VPN Server Nic1.

My problem is this. Logged in locally to the Win2k machine, I can ping all hosts and PIX interfaces on all subnets. I can't however connect to machines on the other networks (subnet to subnet). VPN clients coming in, can only connect to machines on the 172.16.0.X subnet. I have alias commands on the PIX that look something like

alias (inside) 172.16.0.11 external IP 255.255.255.255.

I don't however have alias commands hosts on the other subnets because they are on the other PIX. Can anyone please offer me some help with this situation. When a client is VPNd into the system, they can't ping anything, but they can connect to things using the IP address. It appears to me that there is a default gateway issue on the hosts themselves, but I don't want them to communicate all their traffic out the single VPN Nic/interface. If this is the only option I'd like some help.

Dave

0 Helpful
1 Reply 1

paqiu
Level 1
Level 1

‎06-26-2002 05:32 PM

It sounds like your Windows2000 have some routing issues there.

If you put a router behind your PIX to replace the win2k server to take care of the routing between all the different subnets, it will reduce a lot of confuse.

We can help you to config the routing and make it working fine with all the subnets as well as the VPN clients.

If you are quite fimilar with Windows 2000 with routing configuration, I am pretty sure you need to fix the routing issue on that server.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card