04-20-2005 12:24 AM - edited 03-03-2019 09:20 AM
Hi there!
I'm new in Cisco, so if it is something stupid...
I have pix506E with inside interface on 192.168.1.1.
My company has a few subnets. The pix it is not used for routing by the hosts inside company, for this i have a windows RRAS. The pix it is used for internet access from http proxy and mail servers.
I want to add a static route on pix to send trafic for a subnet (10.0.0.0) from proxy and mail, to the RRAS (192.168.1.252)
Route table
outside 0.0.0.0 0.0.0.0 62.X.X.X 1 OTHER static
inside 10.0.0.0 255.0.0.0 192.168.1.252 1 OTHER static
outside 62.X.X.0 255.255.255.0 62.X.X.X 1 CONNECT static
inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
Access-list:
access-list com-inside line 21 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
And with all this in syslog information i see error 1100011 no route to host 10.X.X.8 from 192.168.1.10
Any ideea what i'm doing wrong?
Thanks
04-20-2005 12:45 AM
hi marius
the route statement on your PIX seems fine.. but u dont need the "access-list com-inside line 21 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.0.0.0 " command because both 10.x.x.x and 192.168.1.0 are inside PIX and are never gonna hit the pix... what is 192.168.1.10 ??? what exactly is the problem here ?? are you able to ping 10.x.x.8 (any valid IP) from the PIX ??? make sure of the reverse routes too...
let us know...
04-20-2005 12:58 AM
Hello Rajagopal!
Thanks for your answer!
Yes, i'm able to ping 10.X.X.8 from the pix. The host 192.168.1.10 is my station and i was trying to get to the web server 10.X.X.8. Not getting there amke me look at the syslog information where i saw the 110001 error. My station (192.168.1.10) has as default gw the pix.
04-20-2005 02:26 AM
hello marius..
this means, u are trying to access 10.x.x.8 (on inside segment through RAS) from 192.168.1.10 (from inside) ??? unfortunately this wont work, as PIX v6.x doesnt support icmp redirect.. you can do 2 things:
1) on the PC 192.168.1.10 add a static route to 10.x.x.8 pointing to the RRAS 192.168.1.252.... doing this , u will be able to access 10.x.x.8
2) or you need to upgrade ur pix to V7.0 which supports icmp redirect..
try these options and let me know...
Raj
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: