Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2245
Views
0
Helpful
60
Replies

Communication between two networks...

stemaxsin
Level 1
Level 1

‎05-30-2007 07:20 AM - edited ‎03-05-2019 04:22 PM

I have two devices I need to connect and allow one-way communication between...a 2611 router and a PIX 501 Firewall.

On the network behind the 2611, the IP schema is this (IP/SUB/GATE) (10.20.30.x/255.255.0.0/10.20.30.1)

On the network behind the PIX, the IP schema is this (IP/SUB/GATE) (192.168.1.x/255.255.255.0/192.168.1.21)

The PIX is configured for its own internal network and is used as the primary device between its network and the outside world.

The 2611 has not yet been configured, but I'm hoping to be able to configure it to act as a security device for our network.

I have not yet performed any configuration on either of the devices that is necessary to "connect" the two networks. I need to be able to have one-way communication between one computer on the 2611 network (10.20.30.218) and one computer on the PIX network (192.168.1.1) on one specific port (8234).

Is it possible to accomplish this with simply entering the appropriate commands on both devices and if so, how?

I've had a little bit of exposure to the 26xx line, but have no experience at all with any PIX devices. Just can't seem to figure out the Device Manager on the PIX.

Can anyone help me out with the commands necessary to facilitate this configuration? It would be greatly appreciated.

Thank you.

Labels:
0 Helpful
60 Replies 60

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 05:25 AM

Nope...still unable to ping the 192.168.1.22 address from the 192.168.1.1 workstation.

Thanx.

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 05:29 AM

2611, post a "show int e0/1" and also give the command "ip routing".

0 Helpful

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 05:37 AM

Here's both interfaces...

Preview file
3 KB
0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-04-2007 05:26 PM

This is the longest post ever!

Just realized something after seeing your new image. Your host on the 10. network needs a route to the 192. network as well. I assumed the 2611 was the gateway for 10. network, my bad.

0 Helpful

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 05:11 AM

Cool.

How do I accomplish this route from the 10 to the 192?

Thanx.

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 05:20 AM

route add 192.168.1.0 mask 255.255.255.0 10.20.30.40 -p

0 Helpful

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 05:28 AM

Okay...I think we have some good news on this one.

After adding the "route add 192.168.1.0 mask 255.255.255.0 10.20.30.40 -p" to the 10.20.30.218 workstation, that workstation can now ping the 192.168.1.22 address on the ethernet0/1 interface of the 2611, but still cannot ping any other 192.168.1.x address.

Thanx.

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 05:35 AM

That's good.

You should absolutely be able to ping between the 2611 and the 192. workstation and vice versa. If not, verify where you have the 2611 plugged into the 192. network.

0 Helpful

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 05:42 AM

From the 192 workstation...

ping 192.168.1.21 - pass

ping 192.168.1.22 - fail

ping 192.168.1.{other} - pass

ping 10.20.30.40 - fail

ping 10.20.30.{other} - fail

From the 2611...

ping 192.168.1.21 - fail

ping 192.168.1.22 - pass

ping 192.168.1.{other} - fail

ping 10.20.30.* - pass

From the 10 workstation...

ping 192.168.1.21 - fail

ping 192.168.1.22 - pass

ping 192.168.1.{other} - fail

ping 10.20.30.40 - pass

ping 10.20.30.* - pass

The 192 workstation is plugged into an unmanaged switch directly off the PIX.

Thanx again.

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 05:52 AM

For some reason you have no connectivity between 192.168.1.22 and the rest of the 192. network.

Where is the 2611 plugged into exactly on the 192. network? The same switch as the workstation?

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 05:55 AM

For some reason you have no connectivity between 192.168.1.22 and the rest of the 192. network.

Where is the 2611 plugged into exactly on the 192. network? The same switch as the workstation?

0 Helpful

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 06:01 AM

Actually, the e0/1 (192.168.1.22) is plugged directly into one of the four LAN ports on the PIX.

Thanx.

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 06:02 AM

Can you ping 192.168.1.22 from the pix?

If you can't then there's something wrong.

0 Helpful

stemaxsin
Level 1
Level 1
In response to acomiskey

‎06-05-2007 06:23 AM

Yep...from the PIX, pinging 192.168.1.22, I get no response.

What else could be wrong?

Did I miss something in the PIX? Is there extra configuration needed?

Thanx again.

0 Helpful

acomiskey
Level 10
Level 10
In response to stemaxsin

‎06-05-2007 06:32 AM

That's just a switch port on the pix, as long as the pix has an ip, which it does, and the router is plugged into a port on the pix and it's on the same network it should work. Are you sure 192.168.1.22 is not a duplicate address? Can you reset the firewall and the router or at least do a "clear arp" on them.

You can also try to plug a pc directly into the e0/1 on the router, give the pc a 192.168.1.x address and try to ping 1.22.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card