Two PIX on same subnet with same gateway?

Discussion in 'Cisco' started by This Old Man, Oct 17, 2003.

  1. This Old Man

    This Old Man Guest

    We have two pix on the same subnet: one to the internet and one to an ASP.
    Between them we have a router that does ISDN dial-backup also on the same
    subnet. When we route outside traffic through PIX 1 to the router and then
    to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    PIX's at each other and take the router out of the picture the telnet to the ASP
    works fine, but of course then the ISDN dial-backup router is out of the
    loop.

    Any ideas?

    Thanks!
    This Old Man, Oct 17, 2003
    #1

  2. On Fri, 17 Oct 2003 20:18:55 GMT, the infinite monkeys with infinite
    typewriters employed by "This Old Man" <>
    spewed forth:

    >We have two pix on the same subnet: one to the internet and one to an ASP.
    >Between them we have a router that does ISDN dial-backup also on the same
    >subnet. When we route outside traffic through PIX 1 to the router and then
    >to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    >PIX's at each other take the router out of the picture the telnet to the ASP
    >works fine, but of course then the ISDN dial-backup router is out of the
    >loop.
    >
    >Any ideas?
    >


    I'm guessing your network looks something like:

             +PIX1---->Internet
             |
    LAN------+Router-->ISDN Dial
             |
             +PIX2---->ASP

    If so, how about:

    Default gateway on the LAN is Router.
    Static route on Router to the ASP host/network via PIX2
    e.g. for a host
    ip route a.b.c.d 255.255.255.255 [PIX2 inside address]

    OSPF between PIX1 and Router, routing as follows:
    ISDN dial routing static on an administrative distance of 200
    Default route on PIX1 redistributed in OSPF - this should (if memory
    serves correctly) appear as a candidate default route on the router
    with an admin distance of 170

    Assuming a) PIX1 is on 6.3, b) IOS on the router supports OSPF and c)
    the network topology guess is correct.
    --
    Chris Ames-Farrow
    Chris Ames-Farrow, Oct 17, 2003
    #2
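
Added example (not part of the post above and not Cisco code): a small Python model of how the router would choose routes under the design sketched in that post, with a host route to the ASP via PIX2, an OSPF-learned default via PIX1, and a floating static default at distance 200 for ISDN backup. The addresses and the `Dialer0` interface name are constructed; the OSPF distance is a parameter defaulting to 110 (the IOS default for OSPF), and any value below 200 gives the same outcome.

```python
import ipaddress

# Constructed addresses for illustration (not from the thread).
PIX1_INSIDE = "192.168.1.1"
PIX2_INSIDE = "192.168.1.2"
ASP_HOST = "203.0.113.10"


class Rib:
    """Candidate routes per prefix; the lowest admin distance wins per prefix."""

    def __init__(self):
        self.candidates = {}  # network -> [(distance, source, next_hop), ...]

    def add(self, prefix, next_hop, distance, source):
        net = ipaddress.ip_network(prefix)
        self.candidates.setdefault(net, []).append((distance, source, next_hop))

    def withdraw(self, source):
        """Drop every route from one source, e.g. OSPF adjacency to PIX1 lost."""
        for net in list(self.candidates):
            kept = [r for r in self.candidates[net] if r[1] != source]
            if kept:
                self.candidates[net] = kept
            else:
                del self.candidates[net]

    def lookup(self, dest):
        """Longest-prefix match, then lowest distance; returns (source, next_hop)."""
        addr = ipaddress.ip_address(dest)
        matches = [n for n in self.candidates if addr in n]
        if not matches:
            return None
        best_net = max(matches, key=lambda n: n.prefixlen)
        _distance, source, next_hop = min(self.candidates[best_net])
        return source, next_hop


def build_router_rib(ospf_distance=110):
    """Routing table of the ISDN router as proposed in the post."""
    rib = Rib()
    rib.add(f"{ASP_HOST}/32", PIX2_INSIDE, 1, "static")          # ASP via PIX2
    rib.add("0.0.0.0/0", PIX1_INSIDE, ospf_distance, "ospf")     # default from PIX1
    rib.add("0.0.0.0/0", "Dialer0", 200, "floating-static")      # hypothetical ISDN interface
    return rib
```

The host route keeps ASP traffic on PIX2 regardless of which default is active, and the ISDN default is only used once the OSPF-learned default is withdrawn.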

  3. In article <P8Yjb.32897$>,
    This Old Man <> wrote:
    :We have two pix on the same subnet: one to the internet and one to an ASP.
    :Between them we have a router that does ISDN dial-backup also on the same
    :subnet. When we route outside traffic through PIX 1 to the router and then
    :to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    :pIX's at each other take the router out of the picture the telnet to the ASP
    :works fine, but of course then the ISDN dial-backup router is out of the
    :loop.

    Could you provide a bit of a network diagram? In particular, I'm
    unclear on how the router fits in considering they are on the same
    subnet? Are you bridging the subnet across the router, or using
    "ip unnumbered", or something else?
    --
    millihamlet: the average coherency of prose created by a single monkey
    typing randomly on a keyboard. Usenet postings may be rated in mHl.
    -- Walter Roberson
    Walter Roberson, Oct 17, 2003
    #3
  4. This Old Man

    Mike Guest

    I assume that it's a fixed subnet that you route to your ASP and not
    everything. This might be a proxy-arp issue and assuming that your
    static routes are correct, each pix has the correct static routes to
    the router and vice versa, then on the router's Ethernet interface I
    would configure no ip proxy-arp and on the two pix sysopt noproxyarp
    inside. Again assuming the static routes are correct.


    On Fri, 17 Oct 2003 20:18:55 GMT, "This Old Man"
    <> wrote:

    >We have two pix on the same subnet: one to the internet and one to an ASP.
    >Between them we have a router that does ISDN dial-backup also on the same
    >subnet. When we route outside traffic through PIX 1 to the router and then
    >to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    >PIX's at each other take the router out of the picture the telnet to the ASP
    >works fine, but of course then the ISDN dial-backup router is out of the
    >loop.
    >
    >Any ideas?
    >
    >Thanks!
    >
    Mike, Oct 18, 2003
    #4
  5. This Old Man

    This Old Man Guest

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bmpmm0$fpi$...
    > In article <P8Yjb.32897$>,
    > This Old Man <> wrote:
    > :We have two pix on the same subnet: one to the internet and one to an ASP.
    > :Between them we have a router that does ISDN dial-backup also on the same
    > :subnet. When we route outside traffic through PIX 1 to the router and then
    > :to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    > :pIX's at each other take the router out of the picture the telnet to the ASP
    > :works fine, but of course then the ISDN dial-backup router is out of the
    > :loop.
    >
    > Could you provide a bit of a network diagram? In particular, I'm
    > unclear on how the router fits in considering they are on the same
    > subnet? Are you bridging the subnet across the router, or using
    > "ip unnumbered", or something else?


    Thanks to you and everyone for trying and sorry I didn't provide enough
    info.

    My Cisco "expert" is coming onsite tomorrow to figure it out and I'll let
    you know what he did.
    This Old Man, Oct 20, 2003
    #5