Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
5
Replies

internet access for valns

Go to solution
junaid haroon
Level 1
Level 1

‎10-13-2013 06:34 AM - edited ‎03-04-2019 09:18 PM

Hi,

i have netwrok infrastructure like this

                                      internal lan--------->Layer3 switch---------------->Pix firewall------------------------------------internet

I have vlans and all clients of different vlan access each other.i am using a layer3 switch for intervaln routing but i am facing issue no one can accesss the internet.how i ever i have already switch on the Global NATING on PIX firewall.

i Attached the file and i follow same senario which mentioned in file.

Plz help me out.

Labels:
Preview file
273 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to junaid haroon

‎10-14-2013 12:16 AM

Hi,

It won't work because you can't have 2 default routes on the pix on 2 different interfaces.

So do what I suggested, that is, configure a subnet static route pointing towards the correct next-hop IP and it should be working.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7

‎10-13-2013 07:00 AM

Hello.

Could you please provide running configuration of you L3 switch and PIX firewall?

Please provide routing table content (sh ip route) as well.

0 Helpful

Go to solution
junaid haroon
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎10-13-2013 07:35 AM

Hi I am not in office today can you plz tell me the necessary configuration required in Fix pirewall so that my internal users access internet

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to junaid haroon

‎10-13-2013 09:55 AM

Hi,

first you need a default route pointing to your pix on your L3 switch doing the intervlan routing.

You'll also need a static route for each vlan subnet on your pix pointing towards your L3 switch.

finaly you'l have to NAT your vlans on your pix and inspect icmp.

example:

sw

int vlan 1

ip add 192.168.1.1 255.255.255.0

int vlan 2

ip add 192.168.2.1 255.255.255.0

int f0/10

description routed port to pix

no switchport

ip address 10.0.12.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.12.2

pix

int eth1

nameif inside

ip address 10.0.12.2 255.255.255.0

no shut

int eth0

nameif outside

ip address 212.12.12.12 255.255.255.0

no sh

route inside 192.168.1.0 255.255.255.0 10.0.12.1

route inside 192.168.2.0 255.255.255.0  10.0.12.1

nat (inside) 1 192.168.0.0 255.255.0.0

global (outside) 1 interface

fixup protocol icmp

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
junaid haroon
Level 1
Level 1
In response to cadet alain

‎10-13-2013 10:45 PM

Hi cadet,

I did same as you mention instead of each vlan route i set the default towards the layers 3 switch.

my layer 3 interface address is 192.168.0.101

route inside 0.0.0.0 0.0.0.0.0 192.168.101.1

but problem is same

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to junaid haroon

‎10-14-2013 12:16 AM

Hi,

It won't work because you can't have 2 default routes on the pix on 2 different interfaces.

So do what I suggested, that is, configure a subnet static route pointing towards the correct next-hop IP and it should be working.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card