10-13-2013 06:34 AM - edited 03-04-2019 09:18 PM
Hi,
I have a network infrastructure like this:
internal lan--------->Layer3 switch---------------->Pix firewall------------------------------------internet
I have VLANs, and all clients in different VLANs can access each other. I am using a layer 3 switch for inter-VLAN routing, but I am facing an issue: no one can access the internet. However, I have already switched on global NAT on the PIX firewall.
I attached the file, and I followed the same scenario mentioned in the file.
Please help me out.
10-13-2013 07:00 AM
Hello.
Could you please provide the running configuration of your L3 switch and PIX firewall?
Please provide routing table content (sh ip route) as well.
10-13-2013 07:35 AM
Hi, I am not in the office today. Can you please tell me the necessary configuration required on the PIX firewall so that my internal users can access the internet?
10-13-2013 09:55 AM
Hi,
First, you need a default route pointing to your PIX on the L3 switch doing the inter-VLAN routing.
You'll also need a static route for each VLAN subnet on your PIX pointing towards your L3 switch.
Finally, you'll have to NAT your VLANs on your PIX and inspect ICMP.
Example:
sw
int vlan 1
 ip add 192.168.1.1 255.255.255.0
int vlan 2
 ip add 192.168.2.1 255.255.255.0
int f0/10
 description routed port to pix
 no switchport
 ip address 10.0.12.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.12.2

pix
int eth1
 nameif inside
 ip address 10.0.12.2 255.255.255.0
 no shut
int eth0
 nameif outside
 ip address 212.12.12.12 255.255.255.0
 no sh
route inside 192.168.1.0 255.255.255.0 10.0.12.1
route inside 192.168.2.0 255.255.255.0 10.0.12.1
nat (inside) 1 192.168.0.0 255.255.0.0
global (outside) 1 interface
fixup protocol icmp
Regards.
Alain
Don't forget to rate helpful posts.
10-13-2013 10:45 PM
Hi cadet,
I did the same as you mentioned, but instead of a route for each VLAN I set the default towards the layer 3 switch.
My layer 3 interface address is 192.168.0.101
route inside 0.0.0.0 0.0.0.0.0 192.168.101.1
But the problem is the same.
10-14-2013 12:16 AM
Hi,
It won't work because you can't have 2 default routes on the pix on 2 different interfaces.
So do what I suggested, that is, configure a subnet static route pointing towards the correct next-hop IP and it should be working.
Regards
Alain
Don't forget to rate helpful posts.
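The conditions raised in the replies above (an inside static route for each VLAN subnet, a next hop on the connected subnet, a NAT rule covering the VLANs, and no default route on a second interface) can be checked mechanically against a PIX configuration. The following Python check is an added example, not part of the original posts; the sample configurations are constructed, and the outside gateway 212.12.12.1, the function names and the VLAN list are assumptions.

```python
import ipaddress

# Constructed samples: GOOD repeats the PIX lines from the example above; BAD swaps
# the VLAN routes for an inside default route (gateway 212.12.12.1 is made up).
IFACES = """int eth1
nameif inside
ip address 10.0.12.2 255.255.255.0
int eth0
nameif outside
ip address 212.12.12.12 255.255.255.0
nat (inside) 1 192.168.0.0 255.255.0.0
"""
GOOD = IFACES + """route inside 192.168.1.0 255.255.255.0 10.0.12.1
route inside 192.168.2.0 255.255.255.0 10.0.12.1"""
BAD = IFACES + """route outside 0.0.0.0 0.0.0.0 212.12.12.1
route inside 0.0.0.0 0.0.0.0 10.0.12.1"""
VLANS = ["192.168.1.0/24", "192.168.2.0/24"]  # the two VLAN subnets on the switch

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_pix(config):
    """Collect interface subnets, static routes and nat sources from PIX lines."""
    ifaces, routes, nats, name = {}, [], [], None
    for w in filter(None, map(str.split, config.splitlines())):
        if w[0] in ("int", "interface", "nameif"):
            name = w[1] if w[0] == "nameif" else None  # nameif names the interface
        elif w[:2] == ["ip", "address"] and name:
            ifaces[name] = net(w[2], w[3])
        elif w[0] == "route":
            routes.append((w[1], net(w[2], w[3]), ipaddress.ip_address(w[4])))
        elif w[0] == "nat":
            nats.append((w[1].strip("()"), net(w[3], w[4])))
    return ifaces, routes, nats

def check_pix(config, vlans, inside="inside"):
    """Return a list of findings; an empty list means every check passed."""
    ifaces, routes, nats = parse_pix(config)
    out = [f"next hop {h} is not on the {i} subnet" for i, _, h in routes
           if i in ifaces and h not in ifaces[i]]
    defaults = sorted({i for i, n, _ in routes if n.prefixlen == 0})
    if len(defaults) > 1:
        out.append("default routes on several interfaces: " + ", ".join(defaults))
    for v in map(ipaddress.ip_network, vlans):
        if not any(i == inside and n.prefixlen and v.subnet_of(n) for i, n, _ in routes):
            out.append(f"no {inside} route back to {v}")
        if not any(i == inside and v.subnet_of(n) for i, n in nats):
            out.append(f"no nat ({inside}) rule covers {v}")
    return out
```

`check_pix(GOOD, VLANS)` returns an empty list, while `check_pix(BAD, VLANS)` reports the second default route and both VLAN subnets as lacking an inside route.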