[TriLUG] Rather OT: Another Routing Question

Brian Henning brian at strutmasters.com
Wed Aug 18 16:38:21 EDT 2004


Hi,
  Okay, so I've got two subnets linked by a bridge.  For argument's sake,
let's call them 192.168.50.0/24 and 192.168.100.0/24, and the bridge's node
is 100 on both subnets.

Obviously, for a machine on one subnet to successfully communicate with a
machine on the other subnet, both machines have to be aware of where to
send packets destined for the other subnet.  This can be done by setting
static routes on the machines that need to talk to each other.  No sweat.
  However, consider, if you will, that lots of .50 machines need to chat
with lots of .100 machines, so many as to make setting static routes on each
machine a formidable task.  Add to the mix that the bridge, .100, is not the
bridge to the outside world, so using it as the default gateway is also not
an option.
  I thought I was on to something, by setting static routes on the default
gateways for both subnets (for argument's sake, say they are .200).  So, the
.100 gateway (192.168.100.200) knows that packets destined for the .50
subnet need to go through the bridge at 192.168.100.100, and likewise the
converse for the .50 gateway.  I thought I was on to something because that
seemed to work... but only in one direction.
  See, a particular machine on the .50 net can respond to pings from a
machine on the .100 net.  Let's call them .50.2 and .100.33.  .100.33 has a
static route for .50.0/24, but .50.2 doesn't have any static routes set for
the .100 subnet, so how would it know how to get its ping responses back to
the .100 subnet, unless another device, the default gateway, were routing
the packets?  It seems like it would make sense.
  But unless I set that static route on the .100.33 machine, I can't get
pings over to .50.0/24.  Setting the static route on the default gateway
device (.200) doesn't seem to have any effect.
  Now, the mitigating factor is that the .50 subnet gateway (.50.200) is a
SonicWall device which I seem to have a good grasp of.  The .100 gateway
(.100.200) is a Cisco PIX device, which is still largely enigmatic to me.
It's very possible that I've simply configured the PIX incorrectly.  I told
it:

    route inside 192.168.50.0 255.255.255.0 192.168.100.100

and it can get pings over to .50 itself, but doesn't seem to want to route
any from the rest of the subnet.  (And similarly, when pinging from .50, I
can get responses from 33, which has the local static route, and .200, which
is the gateway I just described, but not from anything else).
  So, if someone has managed to wade through this somewhat confusing
description, I'd love to be enlightened.

Thank you!

Regards,
~Brian

----------------
Brian A. Henning
Strutmasters.com
866.597.2397
----------------
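
The topology in the message above, modelled as a small hop-by-hop simulation (an added example, not part of the original post). It assumes the .100 gateway will not forward a packet back out the interface it arrived on, expressed through a made-up `hairpin` flag; the host 192.168.100.40 is constructed to stand in for "anything else" on the .100 net. Under that assumption the model reproduces every ping result the message reports.

```python
import ipaddress

B50, B100 = "192.168.50.100", "192.168.100.100"   # the bridge's two addresses

def net(ip):
    # Every subnet in the post is a /24.
    return ipaddress.ip_network(ip + "/24", strict=False)

def node(addrs, default=None, static=None, hairpin=True):
    # hairpin (hypothetical flag): may this device forward a packet back
    # out the interface it arrived on?
    return {"addrs": addrs, "default": default, "static": static or {}, "hairpin": hairpin}

def build(pix_hairpin):
    to50, to100 = {"192.168.50.0/24": B100}, {"192.168.100.0/24": B50}
    return {
        "bridge":    node([B50, B100]),
        "sonicwall": node(["192.168.50.200"], static=to100),
        "pix":       node(["192.168.100.200"], static=to50, hairpin=pix_hairpin),
        "h50.2":     node(["192.168.50.2"], default="192.168.50.200"),
        "h100.33":   node(["192.168.100.33"], default="192.168.100.200", static=to50),
        # Constructed host: on the .100 net with no static route of its own.
        "h100.40":   node(["192.168.100.40"], default="192.168.100.200"),
    }

def one_way(nodes, src, dst_ip):
    dst, cur, arrived_on = ipaddress.ip_address(dst_ip), src, None
    for _ in range(8):                                   # hop limit
        n = nodes[cur]
        if dst_ip in n["addrs"]:
            return True                                  # delivered
        if any(dst in net(a) for a in n["addrs"]):
            nh = dst_ip                                  # destination is on-link
        else:
            hits = [gw for p, gw in n["static"].items() if dst in ipaddress.ip_network(p)]
            nh = hits[0] if hits else n["default"]
        if nh is None or (arrived_on == net(nh) and not n["hairpin"]):
            return False                                 # no route, or hairpin refused
        cur = next((k for k, v in nodes.items() if nh in v["addrs"]), None)
        if cur is None:
            return False
        arrived_on = net(nh)
    return False

def ping(nodes, src, dst):
    # A ping succeeds only if the request AND the reply are both delivered.
    return (one_way(nodes, src, nodes[dst]["addrs"][0])
            and one_way(nodes, dst, nodes[src]["addrs"][0]))

if __name__ == "__main__":
    for a, b in [("h100.33", "h50.2"), ("h100.40", "h50.2"), ("pix", "h50.2"), ("h50.2", "h100.40")]:
        print(a, "->", b, ping(build(False), a, b), ping(build(True), a, b))
```

Each printed row shows the result with the gateway refusing to hairpin, then with hairpinning allowed; only the hosts that depend on the .100 gateway to turn traffic around change between the two columns.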