pix 501, static route to d-link router (different subnet)
Posted by ra170 on Super User
Published on 2010-11-22T07:02:36Z
Indexed on 2011/01/02 3:55 UTC
I have a Cisco PIX 501 firewall with internal IP 192.168.10.1.
I have connected a D-Link router (DIR-655) to the PIX 501.
The D-Link router has internal IP 192.168.0.1.
The picture would look something like this:
```
|pix 501| has 192.168.10.1 ip
|DIR-655| has 192.168.0.1 ip

1. |cable modem|----|pix 501|-------|DIR-655|-----PC

2. PC--------|pix 501|---------|DIR-655|
                 |
                 |
           |cable modem|
```
When I'm on the wireless network (DIR-655) with an assigned IP of 192.168.0.x, I can cross the subnet and connect to my firewall 192.168.10.1 (pic. 1).
The problem is that if I'm on the 192.168.10.x network, I can't connect to anything over at the 192.168.0.x network (pic. 2).
I've tried entering a static route like this:
`route inside 192.168.0.0 255.255.255.0 192.168.10.1 1`
I also tried assigning the static IP 192.168.10.30 to the WAN interface on the DIR-655 and then tried this:
`route inside 192.168.0.0 255.255.255.0 192.168.10.30 1`
But still, I can't connect to 192.168.0.1 or anything on that subnet.
Is there a way to set up a static route? Would adding a separate router between the PIX 501 and the DIR-655 help?
I would think that a static route like this should take care of it, but it doesn't.
This is my route config and nat:
```
(config)# sh route
outside 0.0.0.0 0.0.0.0 (outside_IP) 1 DHCP static
outside (outside_IP) 255.255.248.0 (outside_IP) 1 CONNECT static
inside 192.168.0.0 255.255.255.0 192.168.10.1 1 OTHER static
inside 192.168.10.0 255.255.255.0 192.168.10.1 1 CONNECT static
```
or (`route inside 192.168.0.0 255.255.255.0 192.168.10.30 1`)
```
(config)# sh nat
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.10.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
```
I ended up turning the DIR-655 into an access point (turning off DHCP, plugging a cable from the PIX LAN interface into one of the LAN interfaces on the DIR-655, and leaving the WAN port empty). That works as far as the DIR-655 being on the same subnet now, and I can access every machine. However, the question is: why can't I simply route between those two? Would a router between these two help? One of the reasons is that the PIX 501 has only 10 licences, so now I'm using almost all of them. (I have a few computers, iPhones, a PS3, a print server, etc.)
I would really appreciate some help! Thanks.