Firewall Wizards mailing list archives

PIX Routing Issue


From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Thu, 22 Jan 2004 15:47:28 -0600

Okay, I apologize if this is confusing, I'm still hammering it out in my
skull. I've got a number of remote sites to be set up with PIX501s to VPN
into a PIX515. Behind the PIX515 is LAN2, then a Linux box, LINUXFW2,
separating LAN2 from LAN1, and another Linux box, LINUXFW1, serving as the
Gateway for LAN1 and our DMZ, where our mail server sits. So, our clients at
the remote sites through a squid proxy I've set up in LAN2. The squid proxy
is using LINUXFW2 as its default gateway, that traffic is being routed out
through LINUXFW1, that's working great. Now, I need to be able to get those
clients to be able to hit our mail server in the DMZ, without using split
tunnels. I've tried doing one of these on the PIX515:
route inside X.X.X.68 255.255.255.255 10.0.2.11 1

This didn't do it, and in my thinking, it should. I also tried:
route outside X.X.X.68 255.255.255.255 10.0.2.11 1

Which I didn't think was right, and it didn't work either. I put together a
little ASCII diagram, don't know if it helps or hurts matters, but here it
is. Thanks for taking the time on this.

Josh

 |REMOTE |__INTERNET__|      PIX515         |_LAN2_|LINUXFW2 |
 |X.X.X.X|            |X.X.X.88    10.0.2.10|      |10.0.2.11|
                                                   |         |
                                                   |10.0.0.11|-|
                                                               |
                                                               |
             INTERNET_____ |     LINUXFW1      |____LAN1_______|
                           |X.X.X.93  10.0.0.10|
                           |    X.X.X.78       |
                                   |
                                  DMZ
                               MAILSERVER
                                X.X.X.68
