PIX 506 static route

Hi, I have 2 gateways in my network: 1 Cisco PIX 506 (10.171.206.1) and Ipcop (10.171.206.2) with a DMZ (on the Ipcop) where the mail server resides (192.168.0.4).

I would just like a computer with the PIX defined as its default gateway to be able to access the mail server on the IPCop's DMZ.

I thought about adding a static route on the PIX like: route 192.168.0.1 255.255.255.0 10.71.206.2 1

It doesn't seem to be enough as the mail server doesn't answer the pings.

What did I miss here? Note: it worked perfectly with another Ipcop instead of the PIX.

Thanks in advance for your help.

Xbs

PIX 4/5/6 never allows packets to return to the same [logical] interface they reached the PIX by. PIX 7 sometimes does, but only when at least one VPN is involved.

Upgrade your PIX to 6.3(3) or later and construct a logical interface overlaying your inside interface and give the logical interface an address directly in the 192.168.0 network, bypassing IPCOP. Or if you want to keep IPCOP there, assign it a new address range such as 192.168.1.2/24 and put the logical interface in that network and add the route to 192.168.0.0 255.255.255.0 through 192.168.1.2.

Walter Roberson

I forgot to mention that this will require using a LAN switch that is 802.1Q VLAN aware.

Walter Roberson
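
The second option described in the two replies above, sketched as a PIX 6.3 configuration fragment. This is an added example, not part of the original posts: the VLAN ID 20, the interface name ipcoplink, security level 50, the PIX-side address 192.168.1.1 and the ACL name are assumptions, as is IPCop's interface having been moved to 192.168.1.2/24 on that VLAN.

```text
: Added example. Lines starting with a colon are comments.
: Assumed: ethernet1 is the inside interface (10.171.206.1) and is
: connected to a trunk port on an 802.1Q VLAN-aware switch.

: Logical (tagged) interface overlaying the physical inside interface
interface ethernet1 vlan20 logical
nameif vlan20 ipcoplink security50
ip address ipcoplink 192.168.1.1 255.255.255.0

: Route to the IPCop DMZ through IPCop's new address. Traffic now enters
: on "inside" and leaves on "ipcoplink", so it no longer has to return
: out of the interface it arrived on.
route ipcoplink 192.168.0.0 255.255.255.0 192.168.1.2 1

: PIX 6.x needs a translation for inside hosts to reach a lower-security
: interface. An identity static keeps their real addresses.
static (inside,ipcoplink) 10.171.206.0 10.171.206.0 netmask 255.255.255.0

: ICMP is not tracked statefully on PIX 6.x, so ping replies from the
: mail server must be permitted explicitly. Only echo-reply from the
: mail server is allowed in; everything else arriving on ipcoplink
: stays denied by the implicit deny.
access-list ipcoplink_in permit icmp host 192.168.0.4 10.171.206.0 255.255.255.0 echo-reply
access-group ipcoplink_in in interface ipcoplink

: Verification from the PIX console:
:   show interface
:   show route
:   ping ipcoplink 192.168.1.2
```

IPCop also needs a return route to 10.171.206.0/24 through 192.168.1.1 and a rule allowing that network to reach the mail server in its DMZ.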

Thanks a lot, I'll consider upgrading.

"Walter Roberson" wrote in message news:ZYiXg.124003$1T2.38050@pd7urf2no...

Dave
