Routing Between Two networks - Network

This is a discussion on Routing Between Two networks - Network ; Because we ran out of IP's we now have two networks, the 14.x and the 11.x networks. We also have a DMZ with 2 web servers and 2 name servers in it. The 11.x and 14.x networks can communicate with ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Routing Between Two networks

  1. Routing Between Two networks

    Because we ran out of IP's we now have two networks, the 14.x and the
    11.x networks. We also have a DMZ with 2 web servers and 2 name
    servers in it.
    The 11.x and 14.x networks can communicate with each other.
    The DMZ and the 11.x network can communicate with each other.
    The 14.x and the DMZ can not communicate.
    The 14 network can ping the pix.
    When you attempt to ping a 14.x device from the DMZ or a device on the
    DMZ from the 14.x the device is found but the packets are lost.

    Any idea as to what I need to do to get information between the 14.x
    and the DMZ?

    You can see a simple diagram of the network here...
    http://63.127.106.223/simplenetworkdiagram.jpg

    Thanks for any help that you can offer!

  2. Re: Routing Between Two networks

    Hi,

    On the first sight, I feel that the following would help you...

    1. Are you sure that you have an IP route in the 2600 router so that
    the packet from 14.x network reach your DMZ?
    eg: IP route 10.0.0.0 192.168.11.y (IP of the PIX interface
    that is connected to 11.x network)

    2. Similarly you need to have a route mentioned in PIX FW to forward
    the packets for 14.x network to the routers interface.

    PIX allows DMZ to inside interface communication only using conduits /
    ACLs, but since you said 11.0 and DMZ can communicate well, 14.0 also
    should work well if it has been configured in PIX.

    Let me know the results / your observations...

    Regards,

    Praveen PM


    dcoulson@interactivecore.com (Derek) wrote in message news:<7c26b59f.0401081153.697aa91a@posting.google.com>...
    > Because we ran out of IP's we now have two networks, the 14.x and the
    > 11.x networks. We also have a DMZ with 2 web servers and 2 name
    > servers in it.
    > The 11.x and 14.x networks can communicate with each other.
    > The DMZ and the 11.x network can communicate with each other.
    > The 14.x and the DMZ can not communicate.
    > The 14 network can ping the pix.
    > When you attempt to ping a 14.x device from the DMZ or a device on the
    > DMZ from the 14.x the device is found but the packets are lost.
    >
    > Any idea as to what I need to do to get information between the 14.x
    > and the DMZ?
    >
    > You can see a simple diagram of the network here...
    > http://63.127.106.223/simplenetworkdiagram.jpg
    >
    > Thanks for any help that you can offer!


  3. Re: Routing Between Two networks

    Praveen is on the right track. PIX problems.
    An eligant and complicateded device with a cryptic interface.
    ACL's allow in and out access. You can go one way but not the other.
    I would fix the IP address by expanding your subnet or it gets complicated.
    But that is what we like here.
    Post your show run for your PIX (without password off course)
    and let us take a look at it.
    DMZ's are made to be isolated.
    Check to see if the ACL commands in the config are equivilant between
    both subnets.
    WHAT I THINK IT IS (like Praveen)
    Add a static routing table entry in the Cisco that

    route 10. traffic through the 11. gateway on the PIX


    dcoulson@interactivecore.com (Derek) wrote in message news:<7c26b59f.0401081153.697aa91a@posting.google.com>...
    > Because we ran out of IP's we now have two networks, the 14.x and the
    > 11.x networks. We also have a DMZ with 2 web servers and 2 name
    > servers in it.
    > The 11.x and 14.x networks can communicate with each other.
    > The DMZ and the 11.x network can communicate with each other.
    > The 14.x and the DMZ can not communicate.
    > The 14 network can ping the pix.
    > When you attempt to ping a 14.x device from the DMZ or a device on the
    > DMZ from the 14.x the device is found but the packets are lost.
    >
    > Any idea as to what I need to do to get information between the 14.x
    > and the DMZ?
    >
    > You can see a simple diagram of the network here...
    > http://63.127.106.223/simplenetworkdiagram.jpg
    >
    > Thanks for any help that you can offer!


  4. Re: Routing Between Two networks

    Here is the PIX config
    http://63.127.106.223/pix.html
    thanks for your help

  5. Re: Routing Between Two networks

    Would this work?

    ip route 10.0.0.0 255.255.255.255 192.168.11.253

    john@networktroubleshooters.com (John@networktroubleshooters.com) wrote in message news:<60859ed8.0401152359.5029e171@posting.google.com>...
    > Praveen is on the right track. PIX problems.
    > An eligant and complicateded device with a cryptic interface.
    > ACL's allow in and out access. You can go one way but not the other.
    > I would fix the IP address by expanding your subnet or it gets complicated.
    > But that is what we like here.
    > Post your show run for your PIX (without password off course)
    > and let us take a look at it.
    > DMZ's are made to be isolated.
    > Check to see if the ACL commands in the config are equivilant between
    > both subnets.
    > WHAT I THINK IT IS (like Praveen)
    > Add a static routing table entry in the Cisco that
    >
    > route 10. traffic through the 11. gateway on the PIX
    >
    >
    > dcoulson@interactivecore.com (Derek) wrote in message news:<7c26b59f.0401081153.697aa91a@posting.google.com>...
    > > Because we ran out of IP's we now have two networks, the 14.x and the
    > > 11.x networks. We also have a DMZ with 2 web servers and 2 name
    > > servers in it.
    > > The 11.x and 14.x networks can communicate with each other.
    > > The DMZ and the 11.x network can communicate with each other.
    > > The 14.x and the DMZ can not communicate.
    > > The 14 network can ping the pix.
    > > When you attempt to ping a 14.x device from the DMZ or a device on the
    > > DMZ from the 14.x the device is found but the packets are lost.
    > >
    > > Any idea as to what I need to do to get information between the 14.x
    > > and the DMZ?
    > >
    > > You can see a simple diagram of the network here...
    > > http://63.127.106.223/simplenetworkdiagram.jpg
    > >
    > > Thanks for any help that you can offer!


  6. Re: Routing Between Two networks

    I fixed it, for the sake of anyone else with this issue I needed to do this.
    static (inside,dmz) 192.168.14.0 192.168.14.0 netmask 255.255.255.0 0 0



    dcoulson@interactivecore.com (Derek) wrote in message

    news:<7c26b59f.0401081153.697aa91a@posting.google.com>...
    > Because we ran out of IP's we now have two networks, the 14.x and the
    > 11.x networks. We also have a DMZ with 2 web servers and 2 name
    > servers in it.
    > The 11.x and 14.x networks can communicate with each other.
    > The DMZ and the 11.x network can communicate with each other.
    > The 14.x and the DMZ can not communicate.
    > The 14 network can ping the pix.
    > When you attempt to ping a 14.x device from the DMZ or a device on the
    > DMZ from the 14.x the device is found but the packets are lost.
    >
    > Any idea as to what I need to do to get information between the 14.x
    > and the DMZ?
    >
    > You can see a simple diagram of the network here...
    > http://63.127.106.223/simplenetworkdiagram.jpg
    >
    > Thanks for any help that you can offer!


+ Reply to Thread