Re: PIX and routing

michiganheart · ‎05-03-2004

I have a pix 515e and am having trouble getting to a remote site 3 hops from my central office router. The addresses are all 10 nets. I can get to everything directly attached to the central office 3600. I am not running any sort of routing on the pix. Anybody have any ideas?

mostiguy · ‎05-03-2004

you may need to statically route something. without more details about your topology, we are just guessing

michiganheart · ‎05-03-2004

I have already added the static for the subnet I am trying to go to. I am able to ping it from the PIX, but am unable to get to it from my vpn subnet.

goletu · ‎05-03-2004

It depends on how you are connected to the remote office.

If your connection is via the internet you will need to configure a VPN tunnel between both sites. Remember that 10 networks is not routable on the internet.

If it is a private connection, you need to check your default gateways on both ends and on all remote workstations. If you can get to the Central office's 3600 router, check to make sure that the default gateways of all devices in that network is the 3600 or another router that have routing connectivity to the 3600 do the same for all device on the PIX firewall end.

goletu · ‎05-03-2004

If you can ping from the PIX firewall and not from your VPN subnet. Since you did not give much details, I will assume that, your local VPN subnet is one hub away from the PIX firewall.

If thats the case, try to make the PIX firewall the default gateway for your VPN subnet devices.

michiganheart · ‎05-03-2004

the vpn terminates on the outside interface of the pix, and the inside interface is on the same subnet as my 3600 central office router.