Velocity Reviews - Computer Hardware Reviews

Unable to connect with router

 
 
psychogenic
 
      05-24-2006
Hey all,

I have a vpn tunnel established between my PIX and a remote site. My
local machines are configured (used the route add command from command
prompt) to use the PIX as the default gateway if they want to reach the
remote site. Prior to adding this PIX we had a router between us and
the internet. If I reintroduce that router between my PCs and the PIX,
I can no longer connect to the remote site (internet is fine however).
I'm guessing this probably means I need to add a "route" in my router
or? How should the command work?

Thanks.

 
 
 
 
 
Walter Roberson
 
      05-24-2006
In article <(E-Mail Removed). com>,
psychogenic <(E-Mail Removed)> wrote:
>I have a vpn tunnel established between my PIX and a remote site. My
>local machines are configured (used the route add command from command
>prompt) to use the PIX as the default gateway if they want to reach the
>remote site. Prior to adding this PIX we had a router between us and
>the internet. If I reintroduce that router between my PCs and the PIX,
>I can no longer connect to the remote site (internet is fine however).
>I'm guessing this probably means I need to add a "route" in my router
>or? How should the command work?


Do you have your router doing Network Address Translation?
If you do, then try using PIX 6.3 and configuring
isakmp nat-traversal 20
 
 
 
 
 
sampark
 
      05-24-2006
Hello Psychogenic,

I think you have this kind of a network setup

    +--------pix=======Tunnel=========Router
lan |
    +----Router---------Internet
To go through the tunnel your PC is using 'route add <ip of remote>
<mask> <PIX add>' and the default gateway is router to go to the
internet

This setup can be optimized
                + ---PIX========tunnel=========router
lan-------Router|
                +----------------internet

For the above topology you need a static route entry in the router to
point to pix if the user wants to go to the remote router through VPN
tunnel.
command will be (router)
ip route <ip of the remote subnet> <mask> <ip of the PIX>


or
lan----------Router-------PIX-----------internet
                           +==============Tunnel

You do not need any configuration settings in PIX. In the router you
only need the default router pointing to the PIX.

Let us know if that works
-Vikas

 
 
psychogenic
 
      05-24-2006

sampark wrote:
> Hello Psychogenic,
>
> I think you have this kind of a network setup
>
>     +--------pix=======Tunnel=========Router
> lan |
>     +----Router---------Internet
> To go through the tunnel your PC is using 'route add <ip of remote>
> <mask> <PIX add>' and the default gateway is router to go to the
> internet
>
> This setup can be optimized
>                 + ---PIX========tunnel=========router
> lan-------Router|
>                 +----------------internet
>
> For the above topology you need a static route entry in the router to
> point to pix if the user wants to go to the remote router through VPN
> tunnel.
> command will be (router)
> ip route <ip of the remote subnet> <mask> <ip of the PIX>
>
>
> or
> lan----------Router-------PIX-----------internet
>                            +==============Tunnel
>
> You do not need any configuration settings in PIX. In the router you
> only need the default router pointing to the PIX.
>
> Let us know if that works
> -Vikas


Thanks all for your replies.

Our setup is currently like this:

LAN ---- Router ---- PIX ------- Internet
                      +================Tunnel

As you drew in your last example. The tunnel is set to connect the PIX
public interface to the remote site's router. The default gateway being
used by the machines is pointing to the PIX private interface. So on
the router I just need to add

ip route <remote site's address or the remote site's router??> <mask>
<private or public interface of pix?>

Thanks again.

 
 
sampark
 
      05-24-2006
Hello,
What kind of a router is that?
Why do you have PIX inside interface as your dgw?
Why can't the router interface be dgw?
Is that a cisco router?

I would have configured it in this way:

lan---------fe0_Router_fe1---------in_PIX_out---dsl-----internet

fe0 = 192.168.1.1/24
lan=192.168.1.0/24
fe1=192.168.200.1/24
PIX_in=192.168.200.2/24
PIX_out=what ever dsl provides (dhcp in most of the cases).

PC will have router fe0 as the dgw (192.168.1.1)
router will have dgw as PIX.
ip route 0.0.0.0 0.0.0.0 192.168.200.2
PIX will have route
route outside 0.0.0.0 0.0.0.0 interface outside (please check the
command syntax)
PIX will have other natting commands as well
global (outside) 1 interface
nat (inside) 1 0

This way you will be securing the complete lan with the fw. (I hope you
own the fw)

I hope I am answering your question.

-Vikas

 
 
psychogenic
 
      05-24-2006

sampark wrote:
> Hello,
> What kind of a router is that?
> Why do you have PIX inside interface as your dgw?
> Why can't the router interface be dgw?
> Is that a cisco router?
>
> I would have configured it in this way:
>
> lan---------fe0_Router_fe1---------in_PIX_out---dsl-----internet
>
> fe0 = 192.168.1.1/24
> lan=192.168.1.0/24
> fe1=192.168.200.1/24
> PIX_in=192.168.200.2/24
> PIX_out=what ever dsl provides (dhcp in most of the cases).
>
> PC will have router fe0 as the dgw (192.168.1.1)
> router will have dgw as PIX.
> ip route 0.0.0.0 0.0.0.0 192.168.200.2
> PIX will have route
> route outside 0.0.0.0 0.0.0.0 interface outside (please check the
> command syntax)
> PIX will have other natting commands as well
> global (outside) 1 interface
> nat (inside) 1 0
>
> This way you will be securing the complete lan with the fw. (I hope you
> own the fw)
>
> I hope I am answering your question.
>
> -Vikas



The router is a Yamaha router. There is no nat running since I'm using
Cisco EasyVPN. I'll change the dgw of the machines to use the router
instead. I'm not sure about this command:

route outside 0.0.0.0 0.0.0.0 interface outside

When I do route outside 0.0.0.0 0.0.0.0 ?

It asks me: The address of the gateway by which the foreign network
is reached.

So I add in the public interface?

Thanks.

 
 
Vikas
 
      05-25-2006
Hello,

This is the default route which will be there in the PIX.

 
 
psychogenic
 
      05-25-2006

Vikas wrote:
> Hello,
>
> This is the default route which will be there in the PIX.


Thanks, I can finally connect to the remote site when the router is put
back in. However, now there's a new problem where I can't get to the
internet now. If I bring down the vpn tunnel then internet seems to
work fine. Can they not co-exist on the same interface?

 
 
Vikas
 
      05-26-2006
You are using Easy VPN (which is not that easy btw). Internet and easy
VPN can coexist only if the configuration allows it to coexist.
The nat/path needs to be enabled by the server side by split tunnel or
that can be converted to Network Mode.
Nothing is in your PIX which can be changed.

You can disable the easy vpn client when you are accessing the internet.


Vikas
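
Added example (not part of the thread or of any poster's configuration): a simplified Python model of the forwarding decisions discussed here, covering both the static route toward the PIX suggested earlier in the thread and the split-tunnel behaviour described in the post above. `PIX_IN` comes from the addressing plan posted in the thread; `ISP_GW`, `REMOTE_NET` and the two test hosts are constructed, and a head end that pushes no split-tunnel list is modelled as "tunnel everything".

```python
import ipaddress as ip

# PIX_IN is from the thread's addressing plan; every other address is constructed.
PIX_IN = "192.168.200.2"      # PIX inside interface (from the thread)
ISP_GW = "203.0.113.1"        # constructed: router's direct internet next hop
REMOTE_NET = "10.20.0.0/24"   # constructed: subnet behind the remote site
REMOTE_HOST, WEB_HOST = "10.20.0.10", "198.51.100.7"  # constructed test targets
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def in_any(dst, nets):
    return any(ip.ip_address(dst) in ip.ip_network(n) for n in nets)

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    hits = [(ip.ip_network(p), hop) for p, hop in table if in_any(dst, [p])]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def pix_forward(dst, split_tunnel):
    """split_tunnel=None models a head end that pushes no split-tunnel list:
    every packet is encrypted to the peer. Otherwise only listed networks are."""
    if split_tunnel is None or in_any(dst, split_tunnel):
        return "tunnel"
    return "internet"

def trace(dst, router_table, split_tunnel=None):
    """Follow one packet from a LAN PC whose default gateway is the router."""
    hop = lookup(router_table, dst)
    if hop == PIX_IN:
        return pix_forward(dst, split_tunnel)
    if hop == ISP_GW:
        # Private destinations sent straight to the ISP never reach the remote site.
        return "dropped" if in_any(dst, RFC1918) else "internet"
    return "no route"

SIDE_BY_SIDE = [("0.0.0.0/0", ISP_GW)]               # router has an internet default only
WITH_STATIC = SIDE_BY_SIDE + [(REMOTE_NET, PIX_IN)]  # ip route <remote> <mask> <PIX>
INLINE = [("0.0.0.0/0", PIX_IN)]                     # ip route 0.0.0.0 0.0.0.0 192.168.200.2

if __name__ == "__main__":
    for name, table, split in [("no static route", SIDE_BY_SIDE, None),
                               ("static route to PIX", WITH_STATIC, None),
                               ("inline, tunnel all", INLINE, None),
                               ("inline, split tunnel", INLINE, [REMOTE_NET])]:
        print(f"{name:22} remote={trace(REMOTE_HOST, table, split):8} "
              f"web={trace(WEB_HOST, table, split)}")
```

In the "inline, tunnel all" row the web host is reported as `tunnel`, which corresponds to the symptom reported in the thread: internet traffic stops leaving locally while the tunnel is up.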

 
 
psychogenic
 
      06-02-2006

Vikas wrote:
> You are using Easy VPN (which is not that easy btw). Internet and easy
> VPN can coexist only if the configuration allows it to coexist.
> The nat/path needs to be enabled by the server side by split tunnel or
> that can be converted to Network Mode.
> Nothing is in your PIX which can be changed.
>
> You can disable the easy vpn client when you are accessing the internet.
>
>
> Vikas



I am using network extension mode for easyvpn and preferably it's
something I do not want disabled.

 