04-22-2004 02:31 PM - edited 03-09-2019 07:09 AM
Hello,
I´m installing a PIX with some users that need connect to another network outside of the LAN, all the Lan use a router how gateway for have access to the internet, they are using proxy, when I connect the PIX how gateway in the PC´S and make the "route inside 0.0.0.0 0.0.0.0 x.x.x.x", the access to Internet dont work, because the browser dont show the login request to the proxy, and this work when the router are configured how gateway in the PC.
Any idea?
Thanks in advance.
Manuel Domínguez
04-22-2004 07:18 PM
If I understand you correctly, if the users use the router as their default gateway, internet access is fine, but if the use the pix, the internet access fails.
The route inside 0.0.0.0 0.0.0.0 x.x.x.x command on the pix is most likely the problem, the default route should be on the outside interface, or an interface that is not on the inside. The pix will not send back traffic off of the same interface (logical if you are using ieee 802.1q vlan tagging) that it received traffic on.
Usually the default route is either the router that you mentioned, or another connection.
Can you diagram your topology? I am wondering where the router and the pix are in relation to each other as well as to the users and the isp/internet access.
The topology will me or anyone else solve your problem better.
04-23-2004 03:46 PM
Thanks Edward,
Im´installing the Pix how gateway for another private WAN, not for Internet, the defoult route is:
"route outside 10.1.0.0 255.255.0.0 x.x.x.x 1"
"route inside 0.0.0.0 0.0.0.0 x.x.x.x 2" this is for access to Internet router, but this configuration dont work for internet, but yes for the another outside WAN. When the PC´S make a request for internet via IE browser, the proxy dont send the login request, but the most interesting is that the PIX make ping to any IP on internet.
Another things is that remote connection(Terminal Server) is work fine but the printing services not. The user connect to remote WAN through terminal server but when they want print to printer in the LAN from the terminal server the print job are lose.
Thanks again,
M.D
04-30-2004 11:16 AM
Sorry that I took so long to reply back.
According to your topology, the pix, router RTC and the users are on the same ip subnet (lan) and the user's pc is configured to use the pix as the default gateway. Either run pix 6.3.3 and config logical interfaces on the pix and move RTC to that new subnet, or config static routes on each user's pc to connect to RTC as the default route, and the pix for only the connections/networks via RTB.
The pix will allow all connections from the inside interface by default, but it will not allow connections to be initiated by outside hosts. Find out what ports and protocols the terminal server uses to send the print stream, and make sure that they are listed in an access-list and then apply that list to the outside interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide