[TriLUG] Another Routing Question

Brian Henning brian at strutmasters.com
Wed Jun 21 17:02:10 EDT 2006


Hi Y'all, it's me again.

I asked this a long time ago, but used faulty terminology and confused 
the matter.  Here's a diagram of my network:

192.168.1.0/24 -------+---------------[ 192.168.1.1    ]
                       |               [ PIX-501 router ]    {
                       |               [ public IP #1   ]----{ internet
              [ 192.168.1.125  ]                             {
              [  linux router  ]
              [ 192.168.10.125 ]
                       |
                       |
192.168.10.0/24 ------+---------------[ 192.168.10.1     ]
                                       [ SonicWall router ]  {
                                       [ public IP #2     ]--{ internet
                                                             {

Hosts on each subnet have 192.168.x.1 set as default gateway.

So.  "linux router" has interfaces on both 192.168.1.0/24 and 
192.168.10.0/24, and is configured to forward packets between the two.

Any hosts with static routes through 192.168.x.125 can communicate with 
each other both at ICMP and IP levels.

SonicWall has a static route as well, directing traffic for 
192.168.1.0/24 to 192.168.10.125.  Any host on 192.168.10.0/24 can get 
packets to any host on 192.168.1.0/24 without needing its own static 
routing table entry.  This says to me that SonicWall is correctly 
redirecting 192.168.10.0/24 packets back to 192.168.10.125 for proper 
routing.

PIX-501 also has a similar static route:
: show route
   ...
   route inside 192.168.10.0 255.255.255.0 192.168.1.125 1 OTHER static
   ...
However, it does not seem to want to correctly redirect packets bound 
for 192.168.10.0/24; any host on 192.168.1.0/24 without a static entry 
in its own routing table can't get packets to 192.168.10.0/24.

So this makes me think it's something about the PIX that I am not 
configuring correctly..  Something to tell it not to drop packets bound 
for 192.168.10.0/24, in addition to telling it how to get them there.. 
I tried -
: access-list inbound line 12 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
but that didn't make any difference.

Aside from PIX peculiarities, this should generally work, right?  Since 
it works on the SonicWall'ed subnet..

Thanks!

~Brian


-- 
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
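
Added example (not part of the original post): a small Python model of the diagram above that traces a packet hop by hop and flags any gateway that has to forward it back out the segment it arrived on. The host addresses ending in .50 and the per-device "hairpin" flag are assumptions made for illustration; setting the flag to False for the PIX models the symptom described in the post, not a documented PIX setting.

```python
import ipaddress as ip

LAN1, LAN10, ANY = (ip.ip_network(n) for n in
                    ("192.168.1.0/24", "192.168.10.0/24", "0.0.0.0/0"))

def topology(pix_hairpin, host_static):
    """Devices from the diagram; routes are (prefix, next hop), None = on-link.
    Host addresses .50 are constructed; 'hairpin' is a modelling assumption."""
    a_routes = [(LAN1, None), (ANY, "192.168.1.1")]
    if host_static:
        a_routes.append((LAN10, "192.168.1.125"))
    return {
        "hostA": {"addrs": ["192.168.1.50"], "routes": a_routes, "hairpin": True},
        "hostB": {"addrs": ["192.168.10.50"], "hairpin": True,
                  "routes": [(LAN10, None), (ANY, "192.168.10.1")]},
        "pix": {"addrs": ["192.168.1.1"], "hairpin": pix_hairpin,
                "routes": [(LAN1, None), (LAN10, "192.168.1.125")]},
        "sonicwall": {"addrs": ["192.168.10.1"], "hairpin": True,
                      "routes": [(LAN10, None), (LAN1, "192.168.10.125")]},
        "linux": {"addrs": ["192.168.1.125", "192.168.10.125"], "hairpin": True,
                  "routes": [(LAN1, None), (LAN10, None)]},
    }

def trace(nodes, src, dst):
    """Return (delivered, hops). A '(hairpin)' hop left on the segment it arrived on."""
    here, ingress, hops = src, None, [src]
    for _ in range(8):  # hop limit guards against routing loops
        node = nodes[here]
        if dst in node["addrs"]:
            return True, hops
        matches = [r for r in node["routes"] if ip.ip_address(dst) in r[0]]
        if not matches:
            return False, hops + ["no route"]
        _, next_hop = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix wins
        target = next_hop or dst
        egress = LAN1 if ip.ip_address(target) in LAN1 else LAN10
        if egress == ingress:  # must leave on the segment it arrived on
            if not node["hairpin"]:
                return False, hops + [here + " drops same-interface forward"]
            hops[-1] += " (hairpin)"
        here = next(n for n, d in nodes.items() if target in d["addrs"])
        ingress = egress
        hops.append(here)
    return False, hops + ["hop limit"]

if __name__ == "__main__":
    for hairpin, static in [(False, False), (False, True), (True, False)]:
        print(hairpin, static, trace(topology(hairpin, static), "hostA", "192.168.10.50"))
    print(trace(topology(False, False), "hostB", "192.168.1.50"))
```

In this model a host with its own static route never touches the PIX, while a host relying on the default gateway only succeeds if that gateway will forward on the same segment, which is what the SonicWall side is doing.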


