Problem with PIX

Discussion in 'Cisco' started by Mamun Shaheed, Dec 26, 2003.

  1. Hi,
    I am facing a problem with my PIX firewall. Here is my network
    design:

                      +---------------+
                      |192.168.10.1/24|
                      |Pix F/W        |
                      |10.10.2.230/24 |
                      +---------------+
                              |
                              |
                              |
    My network                |
    10.10.2.x |----|---------------------|-------------------|
              |  Host A               Host B              Host C
              |  10.10.2.210/24   10.10.2.208/24      10.10.2.209/24
              |  g/w 10.10.2.230  g/w 10.10.2.230     g/w 10.10.2.1
       +--------------+
       |10.10.2.1/24  |
       |3640 router   |
       |192.168.3.1/24|
       +--------------+
              |
              |
            Host D
        192.168.3.101


    Hosts A and B are statically mapped in the PIX.

    Host D can ping 10.10.2.1, 10.10.2.230 and 10.10.209, but it cannot
    ping Host A or Host B. When it tries to ping Host A or Host B, I get
    the following error on my syslog server.

    <163>%PIX-3-106011: Deny inbound (No xlate) icmp src
    inside:10.10.2.201 dst inside:192.168.3.101 (type 0, code 0)

    So far I understand that, as the PIX is set as the g/w for Hosts A and B,
    when it receives a request for these two hosts it tries to send
    that request to the outside (192.168.10.x), as these two hosts are
    statically mapped in the PIX.

    Here is the route I put in the PIX:
    route inside 192.168.3.0 255.255.255.0 10.10.2.1

    Now, how can I tell my PIX to send 192.168.3.0-type requests
    back to 10.10.2.1?

    ~M$
    Mamun Shaheed, Dec 26, 2003
    #1

  2. Hi,

    The Pix is a firewall and a router and will not route packets back the way
    they came from. The only routing the pix can do is routing between
    interfaces. So, change host A and B's default gateway to 10.10.2.1 (the
    3640).

    Erik

    Erik Tamminga, Dec 26, 2003
    #2

  3. You can put a static route on hosts A and B for the 192.168.3.0/24 network
    with gateway 10.10.2.1.


    Atif Sajid, Dec 26, 2003
    #3
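
The reply path behind the 106011 message, modelled as an added example that is not part of any post in the thread: it parses the syslog line from post #1 and checks, for Host A's original routing table and for the two fixes suggested in #2 and #3, whether the reply to Host D is handed to the PIX only to need the same inside interface again. The routing tables and function names are constructed for illustration.

```python
import ipaddress
import re

PIX_INSIDE, ROUTER, HOST_D = "10.10.2.230", "10.10.2.1", "192.168.3.101"
# Networks the PIX reaches through its inside interface: the connected LAN
# plus the thread's "route inside 192.168.3.0 255.255.255.0 10.10.2.1".
PIX_INSIDE_NETS = ["10.10.2.0/24", "192.168.3.0/24"]

# Constructed host routing tables as (prefix, gateway); None means on-link.
HOST_A_ORIGINAL = [("10.10.2.0/24", None), ("0.0.0.0/0", PIX_INSIDE)]
HOST_A_STATIC = HOST_A_ORIGINAL + [("192.168.3.0/24", ROUTER)]   # reply #3
HOST_A_NEW_GW = [("10.10.2.0/24", None), ("0.0.0.0/0", ROUTER)]  # reply #2

# The syslog message from the thread, joined onto one line.
SAMPLE_LOG = ("<163>%PIX-3-106011: Deny inbound (No xlate) icmp src "
              "inside:10.10.2.201 dst inside:192.168.3.101 (type 0, code 0)")
LOG_RE = re.compile(r"%PIX-3-106011: Deny inbound \(No xlate\) (\w+) "
                    r"src (\w+):([\d.]+) dst (\w+):([\d.]+)")


def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or dst itself if on-link."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if ip in ipaddress.ip_network(p)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst


def reply_hairpins(host_routes, remote):
    """True if the host hands its reply to the PIX although the PIX would
    have to send it back out of the same (inside) interface."""
    via_pix = next_hop(host_routes, remote) == PIX_INSIDE
    ip = ipaddress.ip_address(remote)
    return via_pix and any(ip in ipaddress.ip_network(n) for n in PIX_INSIDE_NETS)


def parse_106011(line):
    """Extract the flow from a 106011 message and flag same-interface denies."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto, src_if, src, dst_if, dst = m.groups()
    return {"proto": proto, "src": src, "dst": dst,
            "same_interface": src_if == dst_if}


if __name__ == "__main__":
    print(parse_106011(SAMPLE_LOG))
    for name, table in [("original", HOST_A_ORIGINAL),
                        ("static route", HOST_A_STATIC),
                        ("new default g/w", HOST_A_NEW_GW)]:
        print(name, "-> reply hairpins on PIX:", reply_hairpins(table, HOST_D))
```

With the static route from #3, traffic for any other destination still leaves Host A through the PIX; with the gateway change from #2, it goes to the 3640 instead.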