| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
phoenixorb@gmail.com
Guest
Posts: n/a
|
Cisco Help?
I am having an issue changing the default gateway of my network over. I currently am using a Cisco Pix 515 as my firewall, with a Cisco 3600 as my internet router and a 2600 as my internal WAN router. The WAN router is currently my default gateway, and I want to change that to my firewall (as I am adding a second provider for WAN access with different WAN Access). I keep changing the IP routes, and it doesn't seem to be working. I can ping from the firewall, but packets routed to it will not route though that router to another. Please help! PIX Version 6.3(1) interface ethernet0 auto interface ethernet1 100full interface ethernet2 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 DMZ security50 enable password xxx encrypted passwd xxxx encrypted hostname AFCFW01 domain-name afcexpress.com clock timezone EST -5 clock summer-time EDT recurring fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 no names name 10.27.0.0 Whole_Network name 10.0.0.0 Internal_Net name 192.168.0.0 DMZ_Net name 10.27.150.0 Riverdale-GA name 10.27.110.0 Memphis-TN name 10.27.10.0 Kennesaw-GA name 10.27.130.0 Indianapolis-IN name 10.27.140.0 Cincinnati-OH name 10.27.120.0 Kansas_City-MO name 10.27.180.0 Los_Angeles-CA object-group service Web_Services tcp port-object eq www port-object eq ftp-data port-object eq domain port-object eq ftp port-object eq https port-object range aol aol port-object range 5050 5050 object-group service Phoenix_Protocols tcp port-object eq ftp-data port-object eq ftp port-object eq smtp object-group service Mail_Out tcp port-object eq ldaps port-object eq ldap port-object eq domain port-object eq pop3 port-object eq smtp port-object eq imap4 object-group service IMAIL_Protocols tcp port-object eq ldaps port-object eq www port-object eq ldap port-object eq domain port-object eq pop3 port-object eq smtp port-object eq imap4 object-group service DAT tcp description Dis&DAT port-object range 1203 1205 port-object eq 5000 port-object eq 8000 port-object range 1 9999 port-object range 6667 6667 object-group service DNS udp port-object eq domain object-group service Mail_In_TCP tcp port-object eq www port-object eq pop3 port-object eq smtp port-object eq imap4 object-group service VeritasStorageReplicatorTCP tcp description Vertias Storage Replicator for TCP Ports port-object range 20484 20484 port-object range sunrpc sunrpc port-object range 20481 20481 port-object range 20482 20482 object-group service VertiasStorageReplicatorUDP udp description Vertias Storage Replicator for UDP Packets port-object range 1804 1804 object-group service FTP_protocols tcp port-object eq ftp port-object eq ftp-data object-group service AllownetmeetingtoPublicIP tcp port-object range h323 h323 port-object range 1503 1503 port-object range 1731 1731 port-object range 522 522 port-object range ldap ldap object-group service conf tcp port-object eq www port-object eq https port-object eq ssh object-group service conf2 udp port-object eq 80 port-object eq 443 port-object eq 22 access-list ping_acl permit udp 10.27.0.0 255.255.0.0 any object-group DNS access-list ping_acl permit tcp 10.27.0.0 255.255.0.0 any object-group Web_Services access-list ping_acl permit ip 10.27.0.0 255.255.0.0 192.168.0.0 255.255.255.0 access-list ping_acl permit tcp 10.27.0.0 255.255.0.0 any object-group Mail_Out access-list ping_acl permit tcp 10.27.0.0 255.255.0.0 any object-group DAT access-list ping_acl permit ip 10.27.10.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list ping_acl permit ip 10.27.10.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list ping_acl permit ip 10.27.10.0 255.255.255.0 192.168.11.0 255.255.255.0 access-list ping_acl permit ip 10.27.10.0 255.255.255.0 192.168.7.0 255.255.255.0 access-list ping_acl permit ip 10.27.10.0 255.255.255.0 10.50.1.0 255.255.255.0 access-list ping_acl permit ip 10.27.10.0 255.255.255.0 192.168.16.0 255.255.255.0 access-list ping_acl permit ip 10.27.10.0 255.255.255.0 192.168.23.0 255.255.255.0 access-list acl_out permit icmp any any access-list outside_access_in permit tcp any host xxx object-group Phoenix_Protocols access-list outside_access_in permit udp any host xxx object-group VertiasStorageReplicatorUDP access-list outside_access_in permit tcp any host xxx object-group VeritasStorageReplicatorTCP access-list outside_access_in permit udp any host xxx object-group VertiasStorageReplicatorUDP access-list outside_access_in permit tcp any host xxx eq citrix-ica access-list outside_access_in permit tcp any host xxx object-group Mail_In_TCP access-list outside_access_in permit tcp any host xxx object-group VeritasStorageReplicatorTCP access-list outside_access_in permit udp any host xxx eq 1604 access-list outside_access_in permit tcp any host xxx object-group Web_Services access-list outside_access_in permit tcp any host xxx object-group FTP_protocols access-list outside_access_in permit tcp any host xxx object-group AllownetmeetingtoPublicIP access-list outside_access_in permit tcp any host xxx object-group conf access-list outside_access_in permit udp any host xxx object-group conf2 access-list outside_access_in permit tcp any host xxx object-group conf access-list outside_access_in permit udp any host xxx object-group conf2 access-list 101 permit ip 10.27.10.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.7.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 10.50.1.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.11.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.16.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.21.0 255.255.255.0 access-list 103 permit ip 10.27.10.0 255.255.255.0 192.168.23.0 255.255.255.0 access-list 102 permit ip 10.27.10.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list 104 permit ip 10.27.10.0 255.255.255.0 192.168.7.0 255.255.255.0 access-list split permit ip 10.27.10.0 255.255.255.0 10.50.1.0 255.255.255.0 access-list 106 permit ip 10.27.10.0 255.255.255.0 192.168.16.0 255.255.255.0 access-list 105 permit ip 10.27.10.0 255.255.255.0 192.168.11.0 255.255.255.0 access-list 110 permit ip 10.27.10.0 255.255.255.0 192.168.21.0 255.255.255.0 access-list 108 permit ip 10.27.10.0 255.255.255.0 192.168.23.0 255.255.255.0 pager lines 24 logging on logging console debugging logging buffered debugging mtu outside 1500 mtu inside 1500 mtu DMZ 1500 ip address outside xxx 255.255.255.0 ip address inside 10.27.10.254 255.255.255.0 ip address DMZ 192.168.0.254 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool tiger 10.50.1.1-10.50.1.254 pdm location 10.0.0.0 255.255.0.0 inside pdm location 10.27.10.252 255.255.255.255 inside pdm location 10.0.0.0 255.0.0.0 inside pdm location 10.27.10.245 255.255.255.255 inside pdm location 10.27.10.244 255.255.255.255 inside pdm location 10.27.10.248 255.255.255.255 inside pdm location 10.27.10.249 255.255.255.255 inside pdm location 10.27.10.8 255.255.255.255 inside pdm location 192.168.0.2 255.255.255.255 DMZ pdm location 10.27.0.0 255.255.0.0 inside pdm location 10.27.130.0 255.255.255.0 inside pdm location 10.27.140.0 255.255.255.0 inside pdm location 10.27.150.0 255.255.255.0 inside pdm location 10.27.160.0 255.255.255.0 inside pdm location 10.27.170.0 255.255.255.0 inside pdm location 10.27.180.0 255.255.255.0 inside pdm location 10.27.190.0 255.255.255.0 inside pdm location 10.27.200.0 255.255.255.0 inside pdm location 10.27.110.0 255.255.255.0 inside pdm location 216.248.176.6 255.255.255.255 outside pdm location 10.27.120.0 255.255.255.0 inside pdm location 10.27.10.250 255.255.255.255 inside pdm location 10.27.10.251 255.255.255.255 inside pdm location 10.27.10.58 255.255.255.255 inside pdm location 63.170.93.66 255.255.255.255 inside pdm location 63.170.93.66 255.255.255.255 outside pdm location 10.27.11.0 255.255.255.0 outside pdm location 10.27.10.34 255.255.255.255 inside pdm location 10.27.11.0 255.255.255.0 inside pdm location 192.168.1.0 255.255.255.0 outside pdm location 192.168.5.0 255.255.255.0 outside pdm location 192.168.7.0 255.255.255.0 outside pdm location 200.9.49.66 255.255.255.255 outside pdm location 192.168.11.0 255.255.255.0 outside pdm location 192.168.16.0 255.255.255.0 outside pdm location 192.168.21.0 255.255.255.0 outside pdm location 192.168.23.0 255.255.255.0 outside pdm location 10.27.10.161 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 xxx global (DMZ) 1 192.168.0.253 nat (inside) 0 access-list 103 nat (inside) 1 10.0.0.0 255.0.0.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (DMZ) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) xxx 10.27.10.245 netmask 255.255.255.255 0 0 static (inside,outside) xxx 10.27.10.244 netmask 255.255.255.255 0 0 static (inside,outside) xxx10.27.10.249 netmask 255.255.255.255 0 0 static (inside,outside) xxx10.27.10.248 netmask 255.255.255.255 0 0 static (inside,outside) xxx 10.27.10.8 netmask 255.255.255.255 0 0 static (DMZ,outside) xxx 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) xxx 10.27.10.250 netmask 255.255.255.255 0 0 static (inside,outside) xxx 10.27.10.251 netmask 255.255.255.255 0 0 static (inside,outside) xxx 10.27.10.34 netmask 255.255.255.255 0 0 static (inside,outside) xxx 10.27.10.161 netmask 255.255.255.255 0 0 access-group outside_access_in in interface outside access-group ping_acl in interface inside route outside 0.0.0.0 0.0.0.0 xxx (here is the internet router address) route inside 10.27.11.0 255.255.255.0 10.27.10.7 1 route inside 10.27.110.0 255.255.255.0 10.27.10.232 1 (This address is the router of the Internal WAN router) route inside 10.27.120.0 255.255.255.0 10.27.10.232 1 route inside 10.27.130.0 255.255.255.0 10.27.10.232 1 route inside 10.27.140.0 255.255.255.0 10.27.10.232 1 route inside 10.27.150.0 255.255.255.0 10.27.10.232 1 route inside 10.27.160.0 255.255.255.0 10.27.10.232 1 route inside 10.27.170.0 255.255.255.0 10.27.10.232 1 route inside 10.27.180.0 255.255.255.0 10.27.10.232 1 route inside 10.27.190.0 255.255.255.0 10.27.10.232 1 route inside 10.27.200.0 255.255.255.0 10.27.10.232 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local http server enable http xxx 255.255.255.255 outside http xxx 255.255.255.255 outside http 10.27.10.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set chevelle esp-des esp-md5-hmac crypto ipsec transform-set myset esp-des esp-md5-hmac crypto dynamic-map dynmap 10 set transform-set myset crypto map transam 1 ipsec-isakmp crypto map transam 1 match address 101 crypto map transam 1 set peer xxx crypto map transam 1 set transform-set chevelle crypto map transam 2 ipsec-isakmp crypto map transam 2 match address 102 crypto map transam 2 set peer xxx crypto map transam 2 set transform-set chevelle crypto map transam 4 ipsec-isakmp crypto map transam 4 match address 104 crypto map transam 4 set peer xxx crypto map transam 4 set transform-set chevelle crypto map transam 5 ipsec-isakmp crypto map transam 5 match address 105 crypto map transam 5 set peer xxx crypto map transam 5 set transform-set chevelle crypto map transam 6 ipsec-isakmp crypto map transam 6 match address 106 crypto map transam 6 set peer xxx crypto map transam 6 set transform-set chevelle crypto map transam 7 ipsec-isakmp crypto map transam 7 match address 110 crypto map transam 7 set peer xxx crypto map transam 7 set transform-set chevelle crypto map transam 8 ipsec-isakmp crypto map transam 8 match address 108 crypto map transam 8 set peer xxx crypto map transam 8 set transform-set chevelle crypto map transam 15 ipsec-isakmp dynamic dynmap crypto map transam interface outside isakmp enable outside isakmp key ******** address xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp key ******** address xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp key ******** address xxxnetmask 255.255.255.255 no-xauth no-config-mode isakmp key ******** address xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp key ******** address xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp key ******** address xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp key ******** address xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp identity address isakmp policy 1 authentication pre-share isakmp policy 1 encryption des isakmp policy 1 hash md5 isakmp policy 1 group 2 isakmp policy 1 lifetime 86400 vpngroup tiger address-pool tiger vpngroup tiger dns-server 10.27.10.252 vpngroup tiger wins-server 10.27.10.252 vpngroup tiger split-tunnel split vpngroup tiger idle-time 1800 vpngroup tiger password ******** telnet 10.27.10.0 255.255.255.0 inside telnet timeout 5 ssh 0.0.0.0 0.0.0.0 outside ssh timeout 60 management-access inside console timeout 0 terminal width 80 Cryptochecksum:bsdgfgfbcb233sfadd6b070dae4f1e2ce2a c6f6ec3d : end AFCFW01# |
|
|
|
|
|||
|
|||
| phoenixorb@gmail.com |
|
|
|
| |
|
Chris
Guest
Posts: n/a
|
<> wrote in message news: ups.com... > Cisco Help? > > I am having an issue changing the default gateway of my network over. > > I currently am using a Cisco Pix 515 as my firewall, with a Cisco 3600 > as my internet router and a 2600 as my internal WAN router. > > The WAN router is currently my default gateway, and I want to change > that to my firewall (as I am adding a second provider for WAN access > with different WAN Access). > > I keep changing the IP routes, and it doesn't seem to be working. I > can ping from the firewall, but packets routed to it will not route > though that router to another. Version 6.3 will not route traffic back out of the same interface. Version 7 does I *think*! Chris. |
|
|
|
|
|||
|
|
|||
| Chris |
|
|
|
| |
|
Walter Roberson
Guest
Posts: n/a
|
In article <>,
Chris <> wrote: ><> wrote in message >news: oups.com... >> I currently am using a Cisco Pix 515 as my firewall, with a Cisco 3600 >> as my internet router and a 2600 as my internal WAN router. >Version 6.3 will not route traffic back out of the same interface. Version 7 >does I *think*! I haven't played with 7.0 myself; what other posters have said is that 7.0 will allow routing back out the same interface only when at least one of the connections involves an IPSec tunnel. -- I was very young in those days, but I was also rather dim. -- Christopher Priest |
|
|
|
|
|||
|
|
|||
| Walter Roberson |
|
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| SMS gateway software, SMS gateway, SMS software, SMS server, SMPP software, WAP Push | John | Java | 0 | 08-28-2007 05:53 AM |
| Skype Gateway,VoIP GSM Gateway,E1 GSM Channel bank | Rebeccaliu | VOIP | 0 | 11-01-2006 02:16 PM |
| Edit Primary Gateway To Send Internet Traffic To Secondary Gateway | Frank | Cisco | 3 | 09-30-2004 04:51 AM |
| Changing 'default gateway' timeout on Win2K/XP | Jack B. Pollack | Computer Support | 0 | 07-29-2004 11:35 PM |
| SIP Gateway-To-Gateway Sample Consifuration | Mohamad Eslami | Cisco | 1 | 05-25-2004 09:45 PM |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc..
SEO by vBSEO ©2010, Crawlability, Inc. |
