2 PIX Same Config, though 1 not connected to 'real' outside? Does not work?

Discussion in 'Cisco' started by Scott Townsend, Mar 23, 2006.

  1. This seems like it should work okay. I have 2 PIXs set up as follows:
    PIX1: Inside: 10.0.0.1
    Outside: 192.168.1.2

    PIX1: Inside: 10.0.0.2
    Outside2: 192.168.1.2

    Inside ----PIX1-----Outside
    |
    ---------PIX2-----Outside2

    They are both on the same Internal Network. Though the Outside ports are
    connected to different Physical Networks that have the same Address space.
    Both PIXs have the same Config (besides the Internal IP)

    I've set up a Laptop on Outside2 with a Hosts file that has entries for
    Webservers that are published on the PIX2 Outside Interface mapped to the
    internal Webserver...

    When I try to Access them it does not work...

    Is having the same Outside Subnet confusing it? Seems like this would work?

    Thanks,
    Scott<-
     
    Scott Townsend, Mar 23, 2006
    #1

  2. How is the routing set up on your servers?
     
    Walter Roberson, Mar 23, 2006
    #2

  3. On the inside network, the routers and servers do not know that PIX2 Exists.
    Though they are on the Same Physical Subnet.

    Though I thought that since the PIX is doing the Address translations from
    the outside to the inside, the request would originate from PIX2 which is on
    the same subnet and just return the reply to PIX2.

    So I have
    Router: 10.1.0.1 255.255.0.0
    PIX1: 10.1.0.2 255.255.0.0
    PIX2: 10.1.0.4 255.255.0.0
    WWWServer: 10.1.0.10 255.255.0.0 192.168.0.10/24
    MailServer: 10.1.0.11 255.255.0.0 192.168.0.11/24


    Both PIXs have the same static table:
    static (inside,outside) WWWServer_o WWWServer_i netmask 255.255.255.255 0 0
    static (inside,outside) MailServer_o MailServer_i netmask 255.255.255.255 0 0

    So both PIXs are responding to 192.168.0.10. Though is that address the one
    that is used to route the reply back out to the internet? Even so, wouldn't
    it be via the MAC address of the PIX2 and go back to PIX2 to reply?

    So here is another question, How do I test the new PIX with the same Config
    without taking down the network??

    Thanks,
    Scott<-
     
    Scott Townsend, Mar 23, 2006
    #3
  4. Okay, so I think I found (part) of the issue.

    I created a Static Route for the Outside IP address I'm using on my Test
    laptop, so that the Router and PIX1 know to pass the traffic to PIX2 for
    anything destined to that IP.

    I can now surf to Web pages on the Inside from Outside2. Now to get VPN to
    work.

    Thanks,
     
    Scott Townsend, Mar 23, 2006
    #4
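
Added example (not written by anyone in the thread): a small longest-prefix-match model of the return path, showing why a connection that entered through PIX2 had its reply leave through PIX1 until the host route from post #4 was added. It assumes the web server's default gateway is the Router and the Router's default route points at PIX1; the laptop address 192.168.1.50 is a constructed placeholder, since the thread does not give one.

```python
import ipaddress

# Inside addresses are from post #3. LAPTOP is a constructed placeholder.
ROUTER, PIX1, PIX2 = "10.1.0.1", "10.1.0.2", "10.1.0.4"
WWW_INSIDE = "10.1.0.10"
LAPTOP = "192.168.1.50"

def route(prefix, gateway):
    return (ipaddress.ip_network(prefix), gateway)

def next_hop(table, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_tables(with_host_route):
    """Routing tables keyed by device address (assumed topology, see lead-in)."""
    router = [route("0.0.0.0/0", PIX1)]
    if with_host_route:
        # The fix from post #4: a host route for the test laptop via PIX2.
        router.append(route(LAPTOP + "/32", PIX2))
    return {WWW_INSIDE: [route("0.0.0.0/0", ROUTER)], ROUTER: router}

def reply_path(tables, start, dst, max_hops=8):
    """Follow next hops from start until the packet reaches one of the PIXs."""
    path, node = [start], start
    for _ in range(max_hops):
        if node not in tables:
            break
        hop = next_hop(tables[node], dst)
        if hop is None:
            break
        path.append(hop)
        if hop in (PIX1, PIX2):
            break
        node = hop
    return path

if __name__ == "__main__":
    # The static only rewrites the destination on the way in, so the server's
    # reply is addressed to the laptop's outside IP and follows normal routing.
    for fixed in (False, True):
        path = reply_path(build_tables(fixed), WWW_INSIDE, LAPTOP)
        print("host route" if fixed else "no host route", "->", " -> ".join(path))
```

Without the host route the reply reaches PIX1, which holds no connection entry for a session that PIX2 opened, so the stateful firewall drops it.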