Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
3
Replies

static route problem

ccnit
Level 1
Level 1

‎07-17-2005 05:18 PM - edited ‎03-03-2019 10:03 AM

Hi

I have a web server (Win 3K server) in DMZ with two network cards (Network

card 1= E1, Network card 2 = E2)

E1 connects to public network (internet) via PIX 515 firewall A

Default gateway for E1: firewall A

E2 connects to private network (database server) via PIX 515 firewall B

Default gateway for E2: firewall B

I have added some static routes on the web server to route packet to a

database server using "route add" NT command

Eg

Route add Destination MASK Gateway if Interface2

On the firewall B public ip address is mapped to a private ip address

Eg :

static (inside,outside) “public ip address” “private ip address” netmask MASK 0 0

After adding static route, the default gateway in route table is Firewall A.

However after 8-12 hours later route tables gets altered mysteriously and the

default gateway becomes Firewall B.

Once the default gateway is altered web server is inaccessible from outside world, however for internal network it works fine. To fix this problem I restart the server and add routes again.

Can someone help me? How I can solve this problem.

Many thanks

Dipendra

Labels:
0 Helpful
3 Replies 3

thisisshanky
Level 11
Level 11

‎07-17-2005 09:27 PM

I think you can add the static routes in your servers as persistent routes so that they dont change.

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prcc_tcp_gvuf.asp

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

Georg Pauwen
VIP
VIP

‎07-17-2005 09:42 PM

Hello Diprendra,

can you tell if your Windows server looses connectivity to the PIX around the time when this problem occurs (the error logs on the Windows server might reveal something) ?

Does it make a difference when you use the '-p' (permanent) option when adding the route to the routing table of the Windows server ?

Regards,

GP

0 Helpful

ccnit
Level 1
Level 1
In response to Georg Pauwen

‎07-17-2005 09:57 PM

Thanks for you reply GP.

When this happens i can ping from PIX to the server and from server to the PIX. I tried adding '-p'also but no luck.Here is the PIX firewall A log when this problem occurs.

xx.xx.x.xx is the webserver

302001: Built inbound TCP connection 135581 for faddr 202.7.166.168/58322 gaddr

xx.xx.x.xx/80 laddr xx.xx.x.xx/80

302002: Teardown TCP connection 135560 faddr 203.29.145.30/2986 gaddr xx.xx.x.xx

/80 laddr xx.xx.x.xx/80 duration 0:02:27 bytes 0 (SYN Timeout)

Many Thanks

0 Helpful
Customers Also Viewed These Support Documents