07-24-2006 02:52 AM - edited 03-03-2019 01:26 PM
Hi all,
How do I make my PIX understand the traffic coming from my remote location office, which is connected through an MPLS connection?
We have 1 remote location connected to the main office; both sides have routers configured and working properly, using IP addresses as follows.
Remote location IP subnet: 10.8.0.0
Main office IP subnet: 192.168.1.0
The remote office works okay with the main office, but now a few of the computers need to be given access to the Internet. Therefore I would have to tell the remote router to route the HTTP traffic to the main office, and the main office router to route it towards the PIX local interface.
The problem is that it's not happening: when doing a traceroute I can see that I reach the main branch router and then nothing happens.
How do I configure the PIX to accept traffic coming from a different subnet from the one it has on its local interface?
07-24-2006 11:52 PM
Please advise how you make the router forward that Internet traffic to the PIX. I assume it will be policy-based routing or a default route to the PIX. The PIX should do the NAT before transmitting the packet to the ISP. Moreover, the PIX also needs to point to the main office router as gateway.
If there is still a problem, please provide the routers' configuration.
Hope this helps.
07-29-2006 03:49 AM
My scenario is like this: text file attached as diagram.txt
On the remote machine the gateway is 10.8.0.10 (remote router)
On the remote router I have: ip route 2.2.2.2 255.255.255.255 192.168.1.250
On the main office router I have: ip route 2.2.2.2 255.255.255.255 192.168.1.251 (PIX inside interface)
Question:
I think I am not following you correctly.
1. I have added the remote subnet as the inside subnet on my PIX by the route inside command as
route inside 10.8.0.0 255.255.255.255 192.168.1.250
A little help would be great as I am really stuck.
07-29-2006 07:01 AM
Hello zulqurnain,
You said nothing happened on the PIX. I think perhaps the PIX tears down or drops your trace flow. Try to debug and observe what happens on the PIX.
lucky
07-29-2006 07:19 AM
Hi,
If the network is connecting to the Internet through the PIX, do the following:
1- In the remote router, configure the default gateway to be the main office
ip route 0.0.0.0 0.0.0.0 192.168.1.250
2- In the main router, configure the default gateway to be the PIX
ip route 0.0.0.0 0.0.0.0 PIX
3- In the PIX (I assume the traffic from the main router is in a higher security level zone (inside) than the zone going to the Internet (internet))
- Create PAT for subnet 10.8.0.0/24
nat(inside) 1 10.8.0.0 255.255.255.0
global(internet) 1 X.X.X.X 255.255.255.255
where X.X.X.X is the public IP
4- Make sure that the PIX knows how to get to network 10.8.0.0/24
ip route 10.8.0.0 255.255.255.0 main router
Regards
07-30-2006 02:24 AM
Well, I did what you told me to, and when I ping the 10.8.0.0 subnet from the PIX while enabling the ICMP trace, I see
453: ICMP echo request (len 32 id 9233 seq 0) outside interface > 10.8.0.50
10.8.0.50 NO response received -- 1000ms
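
A route lookup for 10.8.0.50 against the two masks that appear in this thread, as an added example that is not part of any post: it applies longest-prefix match, the way a router or firewall picks the egress interface. The /24 on 192.168.1.0, the outside default route and its gateway 203.0.113.1 are assumptions, not values from the thread.

```python
import ipaddress

# Constructed PIX routing tables. Only the 10.8.0.0 entry and the inside
# addresses come from the thread; the /24 on 192.168.1.0, the outside default
# route and its gateway (203.0.113.1) are assumptions.
COMMON = [
    ("inside", "192.168.1.0", "255.255.255.0", "connected"),
    ("outside", "0.0.0.0", "0.0.0.0", "203.0.113.1"),
]


def pix_table(remote_mask):
    """Routing table with 'route inside 10.8.0.0 <remote_mask> 192.168.1.250'."""
    entries = COMMON + [("inside", "10.8.0.0", remote_mask, "192.168.1.250")]
    return [(ipaddress.ip_network(f"{net}/{mask}"), ifname, gw)
            for ifname, net, mask, gw in entries]


def lookup(table, dest):
    """Longest-prefix match: return (interface, matched network, next hop)."""
    addr = ipaddress.ip_address(dest)
    matches = [row for row in table if addr in row[0]]
    if not matches:
        return None
    net, ifname, gw = max(matches, key=lambda row: row[0].prefixlen)
    return ifname, str(net), gw


if __name__ == "__main__":
    # Compare the host mask and the /24 mask for two remote addresses.
    for mask in ("255.255.255.255", "255.255.255.0"):
        for dest in ("10.8.0.0", "10.8.0.50"):
            print(mask, dest, "->", lookup(pix_table(mask), dest))
```

Under these assumptions, the 255.255.255.255 mask matches only the single address 10.8.0.0, so 10.8.0.50 falls through to the default route on the outside interface; with 255.255.255.0 it is sent to 192.168.1.250 on the inside interface.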
07-30-2006 08:06 PM
Did you find any log in the PIX that drops the ICMP packet?