Hi - we'd like to add an internal subnet to our existing LAN using a dumb home router.
And I'm new to the PIX506.
The default route for the LAN is the PIX506 (192.x.1.1).
In short, I'd like to change this
Internet --- Cisco1721 ==== PIX506 ---- LAN (192.168.1.0/24)
to this
Internet --- Cisco1721 ==== PIX506 ---- LAN -- dumb router
                                                    |
                                                    |
                                             (192.168.2.0/24)
I was able to add a route with the route command
route inside 192.168.2.0 255.255.255.0 192.168.1.254 2
I can
(1) ping the PIX506 firewall from a machine on the new subnet (192.168.2.10)
(2) ping the dumb router from the PIX506
(3) ping a host on the new subnet (192.168.2.10) from the PIX506
but I can't ping any other host on the 192.168.1.x subnet from the 192.168.2.x subnet (nor can I ping a host on the 192.168.2.x subnet from the 192.168.1.x subnet other than from the PIX506).
When I try to ping a host on the 192.168.1.x subnet from the 192.168.2.x subnet, the PIX506 logs the following error message:
Jun 21 12:52:55 firewall Jun 21 2007 13:09:31: %PIX-3-106011: Deny inbound (No xlate) icmp src inside:192.168.1.101 dst inside:192.168.2.10 (type 0, code 0)
The OS version on the PIX506 is 6.3(3).
And needless to say, routing isn't working correctly.
-- Ken