Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
4
Replies

PIX & Internet Router IP Addressing Query

baudhayan
Level 1
Level 1

‎02-08-2006 11:47 AM - edited ‎02-21-2020 12:41 AM

Hi,

I have just rcvd a 1 Mbps serial Internet link from my ISP. The link is terminated on a Cisco 1801 rtr with a public IP of 30 bit mask assigned 2 it. I have also rcvd 6 usable public IP's with 29 bit subnet masks. Out of these IP's I have assigned d 1st 1 to d ethernet port of my Cisco rtr. The ethernet port connects directly 2 a PIX-515E. To PIX I have assigned d second public IP. I have used static routing everywhere. I'm able 2 ping all www IP's from my Internet rtr. The problem I'm facing is tht I am able 2 ping all interfaces of the Internet rtr from my PIX but unable 2 ping d ISP's def gateway & any wwww IP's. In my PIX I have set the def gateway as d public IP of d ethernet interface of my Internet rtr. Can any1 tell me wht is d exact config mistake. Do I have 2 change any IP's or subnet mask.

Thnx in advance

0 Helpful
4 Replies 4

Patrick Laidlaw
Level 4
Level 4

‎02-08-2006 04:25 PM

Can you post the config on your pix it would help quite a bit.

I would chech that your permitting icmp through your pix.

icmp permit any any outside

Patrick

0 Helpful

baudhayan
Level 1
Level 1
In response to Patrick Laidlaw

‎02-08-2006 07:04 PM

thnx 4 d quik response. its difficult 4 me 2 edit & post d pix config. anyways from pic i'm able 2 ping all interfaces of d internet rtr.

0 Helpful

scheikhnajib
Level 1
Level 1

‎02-15-2006 09:44 AM

Hi,

With the limited amount of information that you have specified, I can say that:

Since you assigned 2 addresses of the /29 subnet to your Router-to-PIX segment, both the router and the PIX will no longer forward any packet destined to your internal hosts; both will assume that this is an internal request and will try to connect to it by ARPing and looking on the LAN layer.

You might consider adding individual static routes on your router for each of your 4 IPs left such as:

(config)#ip route x.x.x.x 255.255.255.255 y.y.y.y

where x.x.x.x is your host Ip and y.y.y.y is the PIX outside IP.

Don't forget to also make sure that your router has a default route pointing to the ISP router interface.

Hope you find it relative or helpful.

Salem.

0 Helpful

baudhayan
Level 1
Level 1
In response to scheikhnajib

‎02-16-2006 01:40 AM

Thnx Salem 4 ur help. Actually I had already added those routes with 255.255.255.255 but it still didn't work. It was a very simple problem. The ISP had given me a wrong IP which they rectified later. Since the ISP didn't have anu routes defined 4 their wrong IP range nothing worked. Now everthing is working fine. BTW no routes need 2 b defined 4 d public pool since it comes as Connected Route from Internet Router 2 PIX interface & d Internet Router is already aware of d next hop 4 those public IP's (tht is PIX). Thnx 1ce again 4 ur help.

Regards,

Baudhayan Lahiri

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card