Cisco Systems 2 PIX Same Config, though 1 not connected to 'real' outside? Does not work?

Posted by Scott Townsend on March 23, 2006, 10:27 am
This seems like it should work okay. I have 2 PIXs set up as follows:
PIX1: Inside: 10.0.0.1
Outside: 192.168.1.2

PIX1: Inside: 10.0.0.2
Outside2: 192.168.1.2

Inside ----PIX1-----Outside
       |
       ---------PIX2-----Outside2

They are both on the same Internal Network. Though the Outside ports are
connected to different Physical Networks that have the same Address space.
Both PIXs have the same Config (besides the Internal IP)

I've set up a Laptop on Outside2 with a Hosts file that has entries for
Webservers that are published on the PIX2 Outside Interface mapped to the
internal Webserver...

When I try to Access them it does not work...

Is having the same Outside Subnet confusing it? Seems like this would work?

Thanks,
Scott<-



Posted by Walter Roberson on March 23, 2006, 10:50 am
>Inside ----PIX1-----Outside
> |
> ---------PIX2-----Outside2

>They are both on the same Internal Network. Though the Outside ports are
>connected to different Physical Networks that have the same Address space.
>Both PIXs have the same Config (besides the Internal IP)

How is the routing set up on your servers?

Posted by Scott Townsend on March 23, 2006, 11:16 am
On the inside network, the routers and servers do not know that PIX2 Exists.
Though they are on the Same Physical Subnet.

Though I thought that since the PIX is doing the Address translations from
the outside to the inside, the request would originate from PIX2 which is on
the same subnet and just return the reply to PIX2.

So I have
Router: 10.1.0.1 255.255.0.0
PIX1: 10.1.0.2 255.255.0.0
PIX2: 10.1.0.4 255.255.0.0
WWWServer: 10.1.0.10 255.255.0.0 192.168.0.10/24
MailServer: 10.1.0.11 255.255.0.0 192.168.0.11/24


Both PIXs have the same static table:
static (inside,outside) WWWServer_o WWWServer_i netmask 255.255.255.255 0 0
static (inside,outside) MailServer_o MailServer_i netmask 255.255.255.255 0 0

So both PIXs are responding to 192.168.0.10. Though is that address the one
that is used to route the reply back out to the internet? Even so, wouldn't
it be via the MAC address of the PIX2 and go back to PIX2 to reply?

So here is another question, How do I test the new PIX with the same Config
without taking down the network??

Thanks,
Scott<-


>>Inside ----PIX1-----Outside
>> |
>> ---------PIX2-----Outside2
>
>>They are both on the same Internal Network. Though the Outside ports are
>>connected to different Physical Networks that have the same Address space.
>>Both PIXs have the same Config (besides the Internal IP)
>
> How is the routing set up on your servers?



Posted by Scott Townsend on March 23, 2006, 11:43 am
Okay, so I think I found (part) of the issue.

I created a Static Route for the Outside IP address I'm using on my Test
laptop, so that the Router and PIX1 know to pass the traffic to PIX2 for
anything destined to that IP.

I can now surf to Web pages on the Inside from Outside2. Now to get VPN to
work.

Thanks,

>>Inside ----PIX1-----Outside
>> |
>> ---------PIX2-----Outside2
>
>>They are both on the same Internal Network. Though the Outside ports are
>>connected to different Physical Networks that have the same Address space.
>>Both PIXs have the same Config (besides the Internal IP)
>
> How is the routing set up on your servers?
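
The return-path problem resolved in the last post, as an added example that is not part of the original thread: a `static (inside,outside)` entry rewrites only the destination, so the web server sees the laptop's real source address and its reply follows the inside routing table, not the PIX the request came in through. The laptop address and the assumption that the inside default route points at PIX1 are constructed for illustration; the PIX inside addresses are the ones given in the thread.

```python
import ipaddress

PIX1 = "10.1.0.2"          # from the thread
PIX2 = "10.1.0.4"          # from the thread
LAPTOP = "192.168.0.50"    # constructed: the thread does not give the laptop's address
INTERNET_HOST = "198.51.100.7"  # constructed documentation address

def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes
               if dst in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_returns_via(routes, ingress_fw, client):
    """Return (egress firewall, symmetric?) for the server's reply to client.

    A stateful firewall holds the connection only on the unit the request
    entered through, so a reply sent to the other unit matches no state.
    """
    egress = next_hop(routes, client)
    return egress, egress == ingress_fw

# Assumed inside routing before the fix: only a default route toward PIX1.
before = [("0.0.0.0/0", PIX1)]
# After the fix described in the post: a host route for the test laptop via PIX2.
after = before + [(LAPTOP + "/32", PIX2)]

if __name__ == "__main__":
    for label, table in (("before", before), ("after", after)):
        gw, ok = reply_returns_via(table, PIX2, LAPTOP)
        state = "symmetric" if ok else "asymmetric, no connection state on that PIX"
        print(f"{label}: reply to {LAPTOP} leaves via {gw} ({state})")
    # Production traffic is untouched by the /32 and still uses PIX1.
    print("internet host via", next_hop(after, INTERNET_HOST))
```

Because the added route is a /32 for the test client only, every other destination keeps using PIX1, which is why the second unit can be tested without disturbing the live path.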


