pix 515 to pix 501

Discussion in 'Cisco' started by Guest, Feb 4, 2004.

  1. Guest

    Guest Guest

    My setup:

    net1 >> pix 501 >> tunnel >> pix515 >> net2 >> 2600 router >> net3

    Can ping net1 to net2
    Can ping net2 to net3
    Can't ping from net1 to net3

    net1 10.x.x.x/24
    net2 10.x.x.x/16
    net3 10.x.x.x/16

    Any ideas on how to get fom net1 to net3?
     
    Guest, Feb 4, 2004
    #1
    1. Advertising

  2. Guest

    mcaissie Guest

    <> wrote in message news:Hv8Ub.390277$JQ1.122679@pd7tw1no...
    > My setup:
    >
    > net1 >> pix 501 >> tunnel >> pix515 >> net2 >> 2600 router >> net3
    >
    > Can ping net1 to net2
    > Can ping net2 to net3
    > Can't ping from net1 to net3
    >
    > net1 10.x.x.x/24
    > net2 10.x.x.x/16
    > net3 10.x.x.x/16
    >
    > Any ideas on how to get fom net1 to net3?
    >
    >

    --On PIX 515 you need

    route inside [net3 subnet] 2600router

    and
    access-list [name] permit ip [ net3 subnet] [ net1 subnet]

    must be part of your nonat and crypto access-list

    --On PIX 501
    access-list [name] permit ip [ net1 subnet] [ net3 subnet]
    must be part of your nonat and crypto access-list
     
    mcaissie, Feb 4, 2004
    #2
    1. Advertising

  3. Guest

    Guest Guest

    Thanks alot - that did the trick.


    "mcaissie" <> wrote in message
    news:qL8Ub.13574$...
    >
    > <> wrote in message

    news:Hv8Ub.390277$JQ1.122679@pd7tw1no...
    > > My setup:
    > >
    > > net1 >> pix 501 >> tunnel >> pix515 >> net2 >> 2600 router >> net3
    > >
    > > Can ping net1 to net2
    > > Can ping net2 to net3
    > > Can't ping from net1 to net3
    > >
    > > net1 10.x.x.x/24
    > > net2 10.x.x.x/16
    > > net3 10.x.x.x/16
    > >
    > > Any ideas on how to get fom net1 to net3?
    > >
    > >

    > --On PIX 515 you need
    >
    > route inside [net3 subnet] 2600router
    >
    > and
    > access-list [name] permit ip [ net3 subnet] [ net1 subnet]
    >
    > must be part of your nonat and crypto access-list
    >
    > --On PIX 501
    > access-list [name] permit ip [ net1 subnet] [ net3 subnet]
    > must be part of your nonat and crypto access-list
    >
    >
     
    Guest, Feb 5, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lars Kraack
    Replies:
    0
    Views:
    764
    Lars Kraack
    Mar 5, 2004
  2. Andre
    Replies:
    7
    Views:
    789
    Andre
    Feb 20, 2005
  3. Scott Townsend
    Replies:
    8
    Views:
    734
    Roman Nakhmanson
    Feb 22, 2006
  4. Jeff
    Replies:
    5
    Views:
    1,158
  5. Scott Townsend
    Replies:
    2
    Views:
    576
    Scott Townsend
    Mar 4, 2008
Loading...

Share This Page