Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
4
Replies

route inside on a pix 515

skcarter
Level 1
Level 1

‎03-08-2005 07:53 PM - edited ‎02-21-2020 12:00 AM

I am setting up a vlan on a layer 3 cat switch behind our pix. I have routing setup correctly on the switch and I have a route inside statement setup on the pix.

the hosts on the new vlan subnet can access the internet through our subnet but cannot access any hosts on the subnet.

To clarify

the original subnet "vlan1" is 10.40.1.0

the new subnet on vlan2 is 10.20.1.0

the pix is on 10.40.1.1

here is the route statement on the pix.

route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1

route inside 10.20.1.0 255.255.255.0 10.40.1.254 1

here is the route statement on the layer 3 switch.

ip route 0.0.0.0 0.0.0.0 10.40.1.1

ip route 10.20.1.0 255.255.255.0 Vlan2

ip route 10.40.1.0 255.255.255.0 Vlan1

now clients on vlan 2 subnet 10.20.1.0 can access the internet via the next hop of 10.40.1.1 but cannot access any of the hosts on vlan1

one exception is an XP host I did a route add staement on. this host can access the new subnet and the hosts on hte new subnet can access it.

I dont want to have to put route add statements on all my hosts :-).

why isnt the pix routing for any device but itself?

0 Helpful
4 Replies 4

shannong
Level 4
Level 4

‎03-08-2005 09:58 PM

What are the host using as their default gateway? If they're using the Pix, this won't work. The Pix cannot actually route and will not send a packet out the same interface that it came in. The hosts need to be using the L3 switch as their default gateway.

0 Helpful

skcarter
Level 1
Level 1
In response to shannong

‎03-09-2005 05:15 AM

thanks

your post made me go back and review the example config at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094767.shtml

it clearly states "now that I see it" that all hosts on the initial subnet have to have the internal route "or layer 3 switch in our case" as the default gateway.

So when I set my default gateway to 10.40.1.254 it works fine. I can set my dhcp to hand out a new gateway easy enough and statically set my gateway address statically on my servers. the only issue I have now is a few of our servers have a different default route to another firewall for web and email hosting. I suppose route maps are in order for those.

0 Helpful

shannong
Level 4
Level 4
In response to skcarter

‎03-09-2005 06:15 AM

I recommend you change the servers to use your L3 switch as their default gateway. Most firewalls don't have L3 capabilties like policy based routing.

0 Helpful

skcarter
Level 1
Level 1
In response to shannong

‎03-09-2005 01:32 PM

I did that on most of my servers except for my smtp server which uses a different gateway for outbound email. I did a route add [destination|mask|nexthop|metric command on it and it is routing to the new subnet but is also still using its origional gateway. So its all working fine now.

Thanks for pointing me in the right direction.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card