Cisco Support Community
New Member

Internet access for VLANs

Hi,

I have a network infrastructure like this:

internal LAN ---> Layer 3 switch ---> PIX firewall ---> internet

I have VLANs, and all clients of the different VLANs can access each other. I am using a layer 3 switch for inter-VLAN routing, but I am facing an issue: no one can access the internet. However, I have already switched on the global NATing on the PIX firewall.

I attached the file, and I followed the same scenario mentioned in the file.

Please help me out.

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Hi,

It won't work because you can't have 2 default routes on the pix on 2 different interfaces.

So do what I suggested, that is, configure a subnet static route pointing towards the correct next-hop IP and it should be working.

Regards

Alain

Don't forget to rate helpful posts.

5 REPLIES

Hello.

Could you please provide the running configuration of your L3 switch and PIX firewall?

Please provide routing table content (sh ip route) as well.

New Member

Hi, I am not in the office today. Can you please tell me the necessary configuration required on the PIX firewall so that my internal users can access the internet?

Purple

Hi,

First, you need a default route pointing to your PIX on your L3 switch doing the inter-VLAN routing.

You'll also need a static route for each VLAN subnet on your PIX pointing towards your L3 switch.

Finally, you'll have to NAT your VLANs on your PIX and inspect ICMP.

example:

sw

int vlan 1
 ip add 192.168.1.1 255.255.255.0
int vlan 2
 ip add 192.168.2.1 255.255.255.0
int f0/10
 description routed port to pix
 no switchport
 ip address 10.0.12.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.12.2

pix

int eth1
 nameif inside
 ip address 10.0.12.2 255.255.255.0
 no shut
int eth0
 nameif outside
 ip address 212.12.12.12 255.255.255.0
 no sh
route inside 192.168.1.0 255.255.255.0 10.0.12.1
route inside 192.168.2.0 255.255.255.0 10.0.12.1
nat (inside) 1 192.168.0.0 255.255.0.0
global (outside) 1 interface
fixup protocol icmp

Regards.

Alain

Don't forget to rate helpful posts.

New Member

Hi cadet,

I did the same as you mentioned, but instead of a route for each VLAN I set the default towards the layer 3 switch.

My layer 3 interface address is 192.168.0.101

route inside 0.0.0.0 0.0.0.0.0 192.168.101.1

But the problem is the same.

Purple

Hi,

It won't work because you can't have 2 default routes on the pix on 2 different interfaces.

So do what I suggested, that is, configure a subnet static route pointing towards the correct next-hop IP and it should be working.

Regards

Alain


Don't forget to rate helpful posts.
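
The checks discussed in this thread can be run against a saved PIX configuration before it is applied. The following is an added example, not code from any poster or from Cisco: it flags malformed route lines, default routes on more than one interface (the condition described in the accepted reply), and next hops that are not on the named interface's connected subnet. The function name `lint_pix_routes` and the outside gateway 212.12.12.1 are assumptions made for the example.

```python
import ipaddress

# Constructed sample: interface addresses from the thread's example, an
# assumed outside gateway, the inside default route as posted, and the
# same route with a valid mask.
SAMPLE = """\
int eth1
 nameif inside
 ip address 10.0.12.2 255.255.255.0
int eth0
 nameif outside
 ip address 212.12.12.12 255.255.255.0
route outside 0.0.0.0 0.0.0.0 212.12.12.1
route inside 0.0.0.0 0.0.0.0.0 192.168.101.1
route inside 0.0.0.0 0.0.0.0 192.168.101.1
route inside 192.168.1.0 255.255.255.0 10.0.12.1
"""

def lint_pix_routes(config):
    """Return a list of findings for the interface and route lines in config."""
    nets, routes, findings = {}, [], []
    name = None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] in ("int", "interface"):
            name = None                      # new interface block starts
        elif tok[0] == "nameif" and len(tok) >= 2:
            name = tok[1]
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            nets[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[0] == "route" and len(tok) >= 5:
            try:
                dest = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
                hop = ipaddress.ip_address(tok[4])
            except ValueError:               # bad address, mask or host bits
                findings.append(f"malformed route: {raw.strip()}")
                continue
            routes.append((tok[1], dest, hop))
    default_ifs = sorted({i for i, d, _ in routes if d.prefixlen == 0})
    if len(default_ifs) > 1:
        findings.append("default routes on multiple interfaces: " + ", ".join(default_ifs))
    for ifname, dest, hop in routes:
        if ifname not in nets or hop not in nets[ifname]:
            findings.append(f"next hop {hop} for {dest} is not on the {ifname} subnet")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_pix_routes(SAMPLE)))
```
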