Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
0
Helpful
6
Replies

routing or nat

zulqurnain
Level 3
Level 3

‎07-24-2006 02:52 AM - edited ‎03-03-2019 01:26 PM

hi all,

how do i make my pix understand the traffic coming from my remote location office connected through mpls connection

we have 1 remote location connected to main office, both sides have routers configured and working properly using ip addresses as following.

remote location ip subnet : 10.8.0.0

main office ip subnet : 192.168.1.0

now the remote office works okay with main office but now few of the computers need to be given the access to internet therefore, now the i would have to tell the remote router to route the http traffic to main office and main office router to route towards pix local interface.

Problem comes that it's not happenings, when doing a traceroute i can see that i reach the main branch router and then nothing happenes.

how to i configure the pix to accept the traffic coming from different sub net from the one it has on it's local interface ???

Labels:
0 Helpful
6 Replies 6

jackyoung
Level 6
Level 6

‎07-24-2006 11:52 PM

Please advise how do you make the router forward those Internet traffic to PIX ? I assume it will be policy-based routing or a default route to the PIX. PIX should do the NAT before transmit the packet to the ISP. Moreover, the PIX also need to point to the main office router as gateway.

If there is still the problem, please provide the routers' configuration.

Hope this helps.

0 Helpful

zulqurnain
Level 3
Level 3
In response to jackyoung

‎07-29-2006 03:49 AM

my senario is like: text file attached as diagram.txt

On Remote Machine the gateway is 10.8.0.10 *remote router

On Remote Router i have *ip route 2.2.2.2 255.255.255.255 192.168.1.250

on Main Off Router i have *ip route 2.2.2.2 255.255.255.255 192.168.1.251 (pix inside interface)

Question:

I think i am not following you correctly,

1. i have added the remote subnet as the inside subnet on my pix" by route inside command as

route inside 10.8.0.0 255.255.255.255 192.168.1.250

a little help would be great as i am really stuck

Preview file
1 KB
0 Helpful

jj-zhou
Level 1
Level 1
In response to zulqurnain

‎07-29-2006 07:01 AM

hello zulqurnain

you said nothing happened on pix ,i think perhaps the pix teardown or drop your trace flow. try to debug and observe what happen on pix .

lucky

0 Helpful

katab
Level 1
Level 1
In response to jj-zhou

‎07-29-2006 07:19 AM

Hi ,

If the network is connecting the Internet through the PIX do the following :

1- In remote router configure defualt gateway the main office

ip route 0.0.0.0 0.0.0.0 192.168.1.250

2-In the main route configure default gateway to PIX

ip route 0.0.0.0 0.0.0.0 PIX

3-In the PIX , (I assume the traffic from main router is in high level securety ( inside) than zone going to internet zone ( internet) )

- Creat PAT for subnet 10.8.0.0/24

nat(inside) 1 10.8.0.0 255.255.255.0

global(internet) 1 X.X.X.X 255.255.255.255

where X.X.X.X is public IP

4- make sure that PIX knows how to get network 10.8.0.0/24

ip route 10.8.0.0 255.255.255.0 main router

regards

0 Helpful

zulqurnain
Level 3
Level 3
In response to katab

‎07-30-2006 02:24 AM

well, i did what you told me to and when i ping 10.8.0.0 subnet from pix while enabling the icmp trace, i see

453: ICMP echo request (len 32 id 9233 seq 0) outside interface > 10.8.0.50

10.8.0.50 NO response received -- 1000ms

0 Helpful

jackyoung
Level 6
Level 6
In response to zulqurnain

‎07-30-2006 08:06 PM

Did you find any log in PIX that drop the ICMP packet ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card