Two PIX on same subnet with same gateway?

Discussion in 'Cisco' started by This Old Man, Oct 17, 2003.

  1. This Old Man

    This Old Man Guest

    We have two pix on the same subnet: one to the internet and one to an ASP.
    Between them we have a router that does ISDN dial-backup also on the same
    subnet. When we route outside traffic through PIX 1 to the router and then
    to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    PIX's at each other take the router out of the picture the telnet to the ASP
    works fine, but of course then the ISDN dial-backup router is out of the
    loop.

    Any ideas?

    Thanks!
     
    This Old Man, Oct 17, 2003
    #1

    1. Advertisements

  2. This Old Man

    Chris Ames-Farrow Guest

    I'm guessing your network looks something like:

    +PIX1---->Internet
    |
    LAN------+Router-->ISDN Dial
    |
    +PIX2---->ASP

    If so, how about:

    Default gateway on the LAN is Router.
    Static route on Router to the ASP host/network via PIX2
    e.g. for a host
    ip route a.b.c.d 255.255.255.255 [PIX2 inside address]

    OSPF between PIX1 and Router, routing as follows:
    ISDN dial routing static on an administrative distance of 200
    Default route on PIX1 redistributed in OSPF - this should (if memory
    serves correctly) appear as a candidate default route on the router
    with an admin distance of 170

    Assuming a) PIX1 is on 6.3, b) IOS on the router supports OSPF and c)
    the network topology guess is correct.
     
    Chris Ames-Farrow, Oct 17, 2003
    #2

    1. Advertisements

  3. This Old Man

    Walter Roberson Guest

    :We have two pix on the same subnet: one to the internet and one to an ASP.
    :Between them we have a router that does ISDN dial-backup also on the same
    :subnet. When we route outside traffic through PIX 1 to the router and then
    :to PIX2 we can ping but cannot telnet to the ASP. But when we point the
    :pIX's at each other take the router out of the picture the telnet to the ASP
    :works fine, but of course then the ISDN dial-backup router is out of the
    :loop.

    Could you provide a bit of a network diagram? In particular, I'm
    unclear on how the router fits in considering they are on the same
    subnet? Are you bridging the subnet across the router, or using
    "ip unnumbered", or something else?
     
    Walter Roberson, Oct 17, 2003
    #3
  4. This Old Man

    Mike Guest

    I assume that it's a fixed subnet that you route to your ASP and not
    everything. This might be a proxy-arp issue and assuming that your
    static routes are correct, each pix has the correct static routes to
    the router and vis versa then on the routers ethernet interface I
    would configure no ip proxy-arp and on the two pix sysopt noproxyarp
    inside. Again assuming the static routes are correct.
     
    Mike, Oct 18, 2003
    #4
  5. This Old Man

    This Old Man Guest

    Thanks to you and everyone for trying and sorry I didn't provide enough
    info.

    My Cisco "expert" is coming onsite tomorrow to figure it out and I'll let
    you know what he did.
     
    This Old Man, Oct 20, 2003
    #5

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Two firewall on same subnet/switch

  2. How to configure two routers with two ISPs and PIX 515 with failover with BGP?

  3. PIX525 - Setup ipsec tunnel to two Nortel FW sharing the same subnet

  4. Subnet a subnet mask?

  5. cannot ping from subnet A to subnet B for a specific host

  6. Add a private subnet to existing real class C subnet

  7. Two Gatway network (Linux gateway and pix 515E gateway)

  8. Two routers with their own external static public IP's serving PORTIONS of the same internal subnet.

Loading...