06-21-2005 12:28 PM - edited 03-02-2019 11:10 PM
We have two companies that need to communicate with each other. They are side by side and a fiber connection exists between them, terminating into a fiber-ethernet converter. We want to limit who has access to the other company by placing a router between them. Both companies have PIX firewalls and separate T1s to the Internet. We want to put a 1751 with an extra ethernet card in it so we can route between them. The left network is 192.168.0.X and the right network is 192.168.1.X. What is the best way to route only the traffic destined for the opposite networks?
06-21-2005 01:44 PM
There are a few things about the situation you describe that are not clear, such as what kind of network each company does and how they are currently doing their routing. But it seems to me based on what you describe that there is a fairly simple solution. Put the 1751 in between the two companies. In the 192.168.0.x network insert a route for 192.168.1.0 pointing to the router and keep the existing default route pointing to the PIX and to the Internet. In the 192.168.1.x network insert a route for 192.168.0.0 pointing to the router and keep the existing default route pointing to the PIX and to the Internet. If you want to control who in each company has access to the other company you can configure access lists on the interfaces to establish this control.
HTH
Rick
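A sketch of the router side of the setup described in the reply above, as an added example that is not part of the original thread. The router addresses (.254), the permitted host and server, the TCP port and the ACL names are all assumptions; Ethernet1/0 follows the interface mentioned later in the thread.

```cisco
! Added example: every address, port and ACL name below is an assumption.
! The router carries no default route, so it forwards only between its
! two connected /24 networks; Internet traffic stays on each side's PIX.
!
interface FastEthernet0/0
 description Left company LAN 192.168.0.0/24
 ip address 192.168.0.254 255.255.255.0
 ip access-group LEFT-TO-RIGHT in
!
interface Ethernet1/0
 description Right company LAN 192.168.1.0/24
 ip address 192.168.1.254 255.255.255.0
 ip access-group RIGHT-TO-LEFT in
!
ip access-list extended LEFT-TO-RIGHT
 remark Constructed rule: one left workstation may reach one right server
 permit tcp host 192.168.0.10 host 192.168.1.20 eq 445
 remark Everything else from the left LAN is dropped and logged
 deny ip any any log
!
ip access-list extended RIGHT-TO-LEFT
 remark Only replies to sessions opened from the left workstation
 permit tcp host 192.168.1.20 eq 445 host 192.168.0.10 established
 deny ip any any log
!
! On the left side, the route for 192.168.1.0/24 points at 192.168.0.254.
! On the right side, the route for 192.168.0.0/24 points at 192.168.1.254.
! The default route on both sides keeps pointing at the local PIX.
```

The `log` keyword on the final deny lines makes blocked cross-company attempts visible in the router log, which helps when verifying that only the intended hosts get through.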
06-21-2005 03:08 PM
That's what I thought too, but the PIX (in my experience) does not do ICMP redirects and thus cannot route back out through the same interface. I set selected users' workstations to have a default route pointing to the router and then have it do the ICMP redirect back out through its eth1/0 respectively. This, however, has generated a speed problem (reported by the customer but unverified) on both LANs. This is confusing. It would seem that this is a viable solution but for some reason this slows everything down.
06-21-2005 10:21 PM
Hi Tbrooks,
I think we can have 2 routes on your machines, which I know will be a tedious job, but still.
Once you have the router in between the 2 buildings, we can simply route between the 2 networks and can apply the access list for control.
Now we can leave the default gateways on your machines, which I think must be pointing to the PIX for Internet access, and add another route pointing to the other network. In this way, machines in one network that want to access the Internet can pass through the PIX, and machines that try to access the network in the other building will go through the router.
HTH
Ankur
06-22-2005 04:44 AM
I am not sure why this would cause slowness. Is it possible to verify whether things really do slow down?
Have you checked for any speed and/or duplex issues (especially for the router and PIX interfaces)? Have you looked at the port statistics for anything unexpected?
Perhaps if you post the router config we could spot something? (Do you have CEF enabled?)
HTH
Rick
06-22-2005 02:19 AM
Hi,
Use the routemap method to choose between two pools via two different interfaces.
There is a match criteria based on ip next-hop
match ip next-hop
Please try yourself with the help of following link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
regards
Krishnamurthy Suresh
06-22-2005 03:30 AM
Hi all,
Please ignore my previous post, as that was the reply meant for "Need help for redundant link config" under WAN, Routing & Switching.
Sorry, the 1751 confused me.
Krishnamurthy Suresh