IP route for Router and PIX --- need help

- B
- bensonlei
  
  Contact options for registered users
posted
17 years ago

Thu, Dec 14, 2006 9:29 AM

Hi, All,

The question is that our company has a PIX506E and a Router 1721 run in parallel in the network.

The LAN interface of PIX506E = 192.168.10.1;
The LAN interface of Router = 192.168.10.254 ( controlled by ISP );
The Default Gateway for LAN users is set to the LAN interface of the PIX = 192.168.10.1;
The VPN tunnel ( 192.168.20.0 ) goes through the LAN interface of the Router = 192.168.10.254.

How can I configure the route on the PIX so the users in subnet

192.168.10.0 can go to the subnet 192.168.20.0 via the LAN interface of Router = 192.168.10.254 ?

Thanks a lot. Benson

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Thu, Dec 14, 2006 10:10 AM

You can't do that on that model -- not unless you do the unsupported and put PIX 7.x on the 506E.

In PIX 4/5/6, when a [logical] interface receives a packet that is destined for a host on that same [logical] interface, the PIX always drops the packet. You need PIX 7.0 in order to be allowed to have the PIX forward a packet back to the same interface that the packet came in on (and even in 7.x it has significant restrictions.)

What you -should- do is have the default gateway for the LAN hosts be set to the internal router IP, 192.168.10.254, with the router set to forward appropriate traffic to the PIX

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.