PIX 515E 7.2(1) Routing between two subnets on same wire

Discussion in 'Cisco' started by Ulf Tropp, Mar 29, 2007.

  1. Ulf Tropp

    Ulf Tropp Guest

    We have two subnets on the inside interface. The 'non native' subnet has
    a static route pointing to the inside interface. Routing to that subnet
    works when coming via VPN (clients on 'inside' subnet) but not from
    inside. Packet tracing says that packets are dropped by the implicit
    Inside Any->Any drop rule but we have an explicit Inside Any->Any permit
    rule before that.
     
    Ulf Tropp, Mar 29, 2007
    #1

  2. Ulf Tropp

    Ulf Tropp Guest

    Ulf Tropp wrote:
    >
    > We have two subnets on the inside interface. The 'non native' subnet has
    > a static route pointing to the inside interface. Routing to that subnet
    > works when coming via VPN (clients on 'inside' subnet) but not from
    > inside. Packet tracing says that packets are dropped by the implicit
    > Inside Any->Any drop rule but we have an explicit Inside Any->Any permit
    > rule before that.


    Update: "Enable traffic between two hosts connected to the same
    interface" made packets flow until NAT Lookup. "portmap translation
    creation failed..."
     
    Ulf Tropp, Mar 29, 2007
    #2

  3. AM

    AM Guest

    Ulf Tropp wrote:

    > Update: "Enable traffic between two hosts connected to the same
    > interface" made packets flow until NAT Lookup. "portmap translation
    > creation failed..."


    Supposing the native LAN is 192.168.1.0/24 and the secondary 192.168.2.0/24,
    I think you need to specify something like this:

    nat (inside) 0 192.168.1.0 255.255.255.0 0 0
    nat (inside) 0 192.168.2.0 255.255.255.0 0 0

    Could you tell me whether, when you say "the same interface", you mean the
    same interface from the PIX point of view and not the physical one?

    Could you post the conf without any sensitive and valuable data?

    Alex.
     
    AM, Mar 29, 2007
    #3