04-28-2005 11:38 PM - edited 03-09-2019 11:06 AM
I'm doing this and it's coming back with no response:
ping inside 192.168.2.1 # ping inside - dmz
I've been burying myself in pix docs... I'm attaching my pix config.....
-robert
04-29-2005 05:17 AM
Looked at your config. You should change the following:
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
should be
route outside 0.0.0.0 0.0.0.0 1.2.23.81 (assuming .81 is your Internet router)
What will cause you even more problems is the static:
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
Please remove this line.
As far as I can see, you are referring to an identical subnet here. This last line may cause your problem. Please post the results of: show interface and: show route if it still does not work.
Regards,
Leo
04-29-2005 09:09 AM
Leo,
I have the inside interface connected to a live network so I can test, that's why I have the default route going to 192.168.0.1. The static 192.168.0.0 to 192.168.0.0 was documented as the way to turn off nat from inside to dmz. And I actually don't want to nat between these 2 networks anyway. I can see how the default route can cause issues so I added a static route to the existing Firewall (not a pix) to forward 192.168.2.0 to 192.168.0.10, but it's still not working... Do you recommend a better way for me to test the pix?
-robert
05-03-2005 12:55 PM
I learned that ping is not a good debugging tool when it comes to the pix. I come from a router background. When you set up a router, the first thing is to ping the interfaces to make sure they are up. You can't do that on a pix. The best way to test is to put the different interfaces on closed segments, put machines running the services you are opening, and test that way. I did this and had a lot more success with getting things to work.
-robert