Inside LAN packets dropped at inside PIX interface.

jpeter · ‎10-10-2002

We have a WAN with a PIX and (2) 2620 routers in the following config...

Internet<--PIX<----LAN1----Cisco2620<----HDLC Serial-----Cisco2620<---LAN2

Currently hosts on both LAN1 and LAN2 are able to talk to one another only after adding entries to their respective routing tables. Packets from printers and videocon equipment reach the PIX (default gateway) and are dropped. As a result, if a host on LAN1 tries to communicate to a host on LAN2 (without any route table modifications on the hosts) the packets are dropped.

The PIX is configured with two static net routes for LAN1 and LAN2. The two Cisco routers are using EIGRP.

This almost sounds like a test question, but what has to be done so a host on LAN1 and communicate with a host on LAN2, without adding an entry to the hosts' routing tables? Should I enable RIP on the PIX and two routers? Do we need an additional router bewteen the PIX and LAN1 enabled with EIGRP to redirect packets back to LAN2?

Once again the PIX has static routes to LAN1 and LAN2, however, the syslogs show packets destined for LAN2 being dropped at the inside PIX interface.

Any input would be greatly appreciated.

Nairi Adamian · ‎10-10-2002

Unlike a router, pix will not send any packets back on the interface it received them on. Hence why you are getting packets dropped on the pix.

One option for you is to set the default gateway of the hosts on Lan1 to Cisco2620 and default gateway of the Cisco2620 to the pix.

Hope this helps,

-Nairi

jpeter · ‎10-11-2002

Thanks!

I did try it initially, but was unsure whether the packets would route out to the internet form the 2620.

I was just checking to make sure there wasn't something obvious I was missing.