
static route can ping from router but not LAN

  • 31-08-2005 1:30pm
    #1
    Closed Accounts Posts: 2,485 ✭✭✭


    OK have a Cisco PIX that I'm trying to set a static route to reach an outbound relay mail server (10.1.6.51) in which we have a VPN on a separate line (default gw 10.133.1.1).
    The PIX is being used as default gw (10.133.6.10) by our mail server (10.133.1.51).


    route inside 10.1.0.0 255.255.0.0 10.133.1.1 1

    I can then ping 10.1.6.51 from the PIX but not from our mail server.
    Is there something else I need to do on the PIX to route packets? I want to avoid setting a static route on each and every machine.


Comments

  • Registered Users Posts: 5,517 ✭✭✭axer


    have you got access lists set up?


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    axer wrote:
    have you got access lists set up?

    It's an odd one as the default is to permit any from an inside interface to an interface of lower security anyway.. so he'd need an explicit deny in there, which should be an obvious one to spot.

    Presumably no other hosts on the 10.133 can route to the 10.1 network either? .. traceroute is the starting point here.. see where the default packets are going, they may be getting routed through another pix interface... if the pix is setup as the default gateway then any routes on it should be followed for anything else on the inside network.


  • Closed Accounts Posts: 2,485 ✭✭✭sovtek


    Kali wrote:
    It's an odd one as the default is to permit any from an inside interface to an interface of lower security anyway.. so he'd need an explicit deny in there, which should be an obvious one to spot.

    Presumably no other hosts on the 10.133 can route to the 10.1 network either? .. traceroute is the starting point here.. see where the default packets are going, they may be getting routed through another pix interface... if the pix is setup as the default gateway then any routes on it should be followed for anything else on the inside network.

    I've attached the pix and the router config.
    For some reason BT put the router in front of the pix.


  • Closed Accounts Posts: 2,485 ✭✭✭sovtek


    Kali wrote:

    Presumably no other hosts on the 10.133 can route to the 10.1 network either? .. traceroute is the starting point here.. see where the default packets are going, they may be getting routed through another pix interface... if the pix is setup as the default gateway then any routes on it should be followed for anything else on the inside network.


    No, only the pix can ping the 10.1.0.0 network and it's being used as the default gateway.

    This is the traceroute output:

    usit-hq-s03:~ # traceroute 10.1.6.51
    traceroute to 10.1.6.51 (10.1.6.51), 30 hops max, 40 byte packets
    1 * * *
    2 * * *
    3 * * *
    4 * * *
    5 * * *
    6 * * *
    7 * * *
    8 * * *
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *

