Communication between two networks... - Page 3

stemaxsin · ‎05-30-2007

I have two devices I need to connect and allow one-way communication between...a 2611 router and a PIX 501 Firewall.

On the network behind the 2611, the IP schema is this (IP/SUB/GATE) (10.20.30.x/255.255.0.0/10.20.30.1)

On the network behind the PIX, the IP schema is this (IP/SUB/GATE) (192.168.1.x/255.255.255.0/192.168.1.21)

The PIX is configured for its own internal network and is used as the primary device between its network and the outside world.

The 2611 has not yet been configured, but I'm hoping to be able to configure it to act as a security device for our network.

I have not yet performed any configuration on either of the devices that is necessary to "connect" the two networks. I need to be able to have one-way communication between one computer on the 2611 network (10.20.30.218) and one computer on the PIX network (192.168.1.1) on one specific port (8234).

Is it possible to accomplish this with simply entering the appropriate commands on both devices and if so, how?

I've had a little bit of exposure to the 26xx line, but have no experience at all with any PIX devices. Just can't seem to figure out the Device Manager on the PIX.

Can anyone help me out with the commands necessary to facilitate this configuration? It would be greatly appreciated.

Thank you.

stemaxsin · ‎06-04-2007

Okay, when I attempt to run the route add command on the workstation in the 10 (2611) network, I get a bad gateway error...when I attempt it on a workstation in the 192 (PIX) network, I get a bad argument error.

Thanx.

acomiskey · ‎06-04-2007

Sorry, forgot "mask"....

route add 10.20.0.0 mask 255.255.0.0 192.168.1.1 -p

stemaxsin · ‎06-04-2007

So, I'll need to issue the command on the workstation within the 192 (PIX) network, not the 10 (2611) network, right?

Thanx.

And, thanx very much for your patience in this matter...you have no idea how appreciated it is!!!

8^)>

acomiskey · ‎06-04-2007

Yes, 192 machine.

Well, I just hope it works out. It would have been much easier if you had a 3 port router, but that's another thread :)

stemaxsin · ‎06-04-2007

Okay...I have entered the command into the 192 machine, but I still cannot ping that machine from the 10 network. However, I can ping the router from the 10 network, but only the 10 address on it...not the 192 address on the other interface.

It feels like we're getting closer now.

Any other suggestions?

Thanx.

stemaxsin · ‎06-04-2007

Also, from the router (2611), I can ping any address on the 10 (2611) side, but nothing on the 192 (PIX) side.

Did I miss something on the router config?

Should I post my router config?

Thanx.

acomiskey · ‎06-04-2007

Could you post a little picture of what you have currently?

Most importantly, can you ping 192.168.1.1 from the 192.168.1.x machine?

stemaxsin · ‎06-04-2007

I've attached an image.

Yes, I can ping the gateway from the 192.168.1.x machine (in this case, the workstation is .1 and the gateway is .21).

Thanx.

stemaxsin · ‎06-04-2007

Remember, also, that we're trying to have data flow from the 10 (2611) network to the 192 (PIX) network...not the other way around.

Thanx again.

stemaxsin · ‎06-04-2007

Any new ideas as of yet?

8^)>

Thanx.

acomiskey · ‎06-04-2007

I thought the 2611 was 192.168.1.1?

Anyway, doesn't matter, it is good that you can ping the gateway but what I meant to say was can you ping the 2611 - 192.168.1.22 from 192.168.1.x?

stemaxsin · ‎06-04-2007

From the router (2611), I can ping...

- Ethernet0/0 = 10.20.30.40

- Ethernet0/1 = 192.168.1.22

- All 10.20.30.x addresses on the 10 (2611) network

From any workstation on the 10 (2611) network, I can ping...

- Ethernet0/0 = 10.20.30.40

From the 192 (PIX) network, I cannot ping any of the addresses (which doesn't really matter to me). I only need to be able to reach the 192 (PIX) network from the 10 (2611) network. I don't need it to work the other way around.

Hope this helps.

Thanx.

acomiskey · ‎06-05-2007

I understand you don't want traffic to originate from 192. network, but being able to ping the router from the 192. host will prove the routing is working.

Anyway, open a command prompt on the 192. host and post a "route print".

Do you have any acl's in the router yet? Post the router config.

stemaxsin · ‎06-05-2007

I've attached both the route print from the 192 workstation and the show config from the 2611 router.

Thanx.

acomiskey · ‎06-05-2007

Looking at your route print, I see a mistake. The following line is wrong, the 2611 is 192.168.1.22 right?

10.20.0.0 255.255.0.0 192.168.1.1 192.168.1.1 1

You need to remove that route and add another one with the correct address.

route delete 10.20.0.0

route add 10.20.0.0 mask 255.255.0.0 192.168.1.22 -p

Give that a try and see if you can ping 192.168.1.22 from 192. workstation.