01-09-2003 07:22 AM - edited 03-09-2019 01:37 AM
Information :
Our LAN 192.168.168.0/24 with a PIX515 as gateway (192.168.168.254)
Other gateway in our LAN (192.168.168.201) with tunnels with the Intranet of one of our branch office (Branch office LAN : 172.16.0.0/24).
Description of the problem :
We have a PIX515 which is the gateway of our private LAN. I installed an other gateway in our LAN just used to access remote LAN of some of our branch offices in order to decrease the charge of our PIX515.
My problem is that the PC in my LAN should have the other gateway as default gateway when they want to access the remote Intranet of our Branch office. if I do this, it works (the tunnel connection)
However I need to keep the PIX 515 as default gateway, that's why I added a static route in the inside interface of our PIX which says that the 172.16.0.0/24 is accessible via the other gateway (192.168.168.201).
When I am connected on the PIX, I can without any problem access to these remote LAN but when I am on a PC from our LAN I cannot, even if my default gateway is the PIX515.
For example, when I am on the PIX and if I make a "ping 172.16.0.1", it works
When I am on a PC (192.168.168.199 for example) which default gateway is the PIX (192.168.168.254) and which public default route is "0.0.0.0 mask 0.0.0.0 via 192.168.168.254", it fails !
I make a "tracert 172.16.0.1" command to see where the packets are lost and that's the PIX which doesn't forward the packets to the other Gateway !
What's happens? why the PIX515 doesn't forward the packets as a single router ?
Please help me, it's very important ...
01-09-2003 08:12 AM
You could'nt do this. A packet received By the PIX on one interface coul'nt be resend through the same interface . Actually, for security raeson, the pix drops the packets.
You have to use a router to make this staff.
I hope this will help you.
01-09-2003 10:23 AM
The PIX (for security reasons) does not do icmp redirects and also cannot
inbound and outboud packet in the same interface.
(You cannot have translations slots for this)
SOLUTION: make you router the default gateway
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide