Re: Connecting 2 networks via Win 2003 server



It shouldn't really matter. When a client in 192.168.254 tries to access
a target machine in 192.168.253, the packet will go to its default router
(the PIX at 192.168.254.252). The PIX will redirect the packet to
192.168.254.250 (the RRAS router) because of the static route you added.
After this, it should send an ICMP redirect to the sender to inform it of
the correct address to use in future. But the packet should have already
gone.

What happens if you put the static route directly on the client? That
should bypass the PIX altogether. The client should send the packet to the
RRAS router itself.

Mart wrote:
> On Thu, 12 May 2005 12:05:40 +1000, "Bill Grant"
> <not.available@online> wrote:
>
> I had tried both 192.168.253.254 and 192.168.253.0 but neither worked
> which led me to believe I may need to set an ICMP access rule?
>
> Martin
>
>> What the static route needs to do is forward all traffic for the
>> subnet to the RRAS router. The firewall doesn't know how to reach
>> the inner subnet, because it doesn't have an interface in that
>> subnet. You need to forward that traffic to the RRAS router, which
>> does have an interface in that subnet and can deliver the packets.
>>
>> So the static route should be
>>
>> 192.168.253.0 255.255.255.0 192.168.254.250
>>
>> Mart wrote:
>>> Thanks for your reply. I have added the following to the PIX
>>> firewall however I am still not able to ping PC1:
>>>
>>> route inside 192.168.253.254 255.255.255.0 192.168.254.250
>>>
>>> (where .250 is the address of nic1). Is this obviously wrong, or
>>> should I be reverting this now to a Cisco newsgroup?
>>>
>>> Martin
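
Added example, not part of the original thread: a small Python check for the two route entries quoted above, plus a first-hop lookup showing what a static route on the client changes. The helper names, the /24 mask on the PIX inside interface and PC1's address (192.168.253.10) are assumptions made for illustration.

```python
import ipaddress

# Addresses are from the thread; the /24 mask on the PIX inside interface
# is an assumption (the thread gives only host addresses).
PIX_INSIDE = ipaddress.ip_interface("192.168.254.252/24")

def check_route(line, inside=PIX_INSIDE):
    """Check one 'route <if> <dest> <mask> <gateway>' line (hypothetical helper).

    Returns a list of problems; an empty list means the entry is consistent.
    """
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        return ["not a 'route <if> <dest> <mask> <gateway>' line"]
    dest, mask, gw = parts[2:5]
    try:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        dest_ip, gateway = ipaddress.ip_address(dest), ipaddress.ip_address(gw)
    except ValueError as exc:
        return [f"unparseable address or mask: {exc}"]
    problems = []
    if dest_ip != net.network_address:
        problems.append(f"{dest} is a host address under mask {mask}; "
                        f"the subnet is {net.network_address}")
    if gateway not in inside.network:
        problems.append(f"gateway {gw} is not on the inside subnet {inside.network}")
    elif gateway == inside.ip:
        problems.append(f"gateway {gw} is the firewall's own inside address")
    if gateway in net:
        problems.append(f"gateway {gw} sits inside the subnet it is meant to reach")
    return problems

def first_hop(dst, routes, default_gw):
    """Longest-prefix match over (network, gateway) pairs, else the default."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), g) for n, g in routes]
    hits = [(n, g) for n, g in hits if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else default_gw

if __name__ == "__main__":
    for line in ("route inside 192.168.253.254 255.255.255.0 192.168.254.250",
                 "route inside 192.168.253.0 255.255.255.0 192.168.254.250"):
        print(line, "->", check_route(line) or "ok")
    pc1 = "192.168.253.10"  # constructed address; the thread does not give PC1's
    print(first_hop(pc1, [], "192.168.254.252"))
    print(first_hop(pc1, [("192.168.253.0/24", "192.168.254.250")], "192.168.254.252"))
```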

