Firewall Wizards mailing list archives
Pix 525 NAT!
From: "Seyed Hossein hamidi" <shhamidi () qomedu ir>
Date: Tue, 15 Feb 2005 14:23:40 +0330
Hi to all,

Excuse me, I will try to explain my network. We have 5 wireless access points between 5 zones (the main zone is zone0), and my firewall is in zone0. We want to deny bad access from each zone to the other zones. I created VLANs and zone0, zone1, zone2, zone3, zone4, zonef on ethernet1, and the PIX now works fine.

We are adding my government network to this configuration; we can add another zone (zoned) or use ethernet0 for this network. This network has a Cisco 800 router with one 10 Mb/s Ethernet port (4-port hub) and one ATM port (my ATM connects to the upper network). I added the VLAN zoned to ethernet1 of the PIX, enabled RIP routing on it, and can see the router's route table on the PIX.

I use a zone0 computer for testing, for example 192.168.0.140, and can ping 10.68.146.1 (ethernet0 of the gov router) and can also ping 172.16.2.42 (atm0 of the gov router). But we must use the 10.68.16.2 web server for the gov application, and in this situation we can't see the outer network of the 800 router. I can access all networks from the PIX console and can ping 10.68.16.2! But from zone0 users I can access? Why? The PIX is doing NAT, but ...?

I have added the router config and the PIX 525 config, and the output of the routing table of each device is attached. Thank you.
Seyed Hossein Hamidi

*************PIX CONFIG :*****************
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan20 physical
interface ethernet1 vlan10 logical
interface ethernet1 vlan11 logical
interface ethernet1 vlan12 logical
interface ethernet1 vlan13 logical
interface ethernet1 vlan14 logical
interface ethernet1 vlan15 logical
interface ethernet1 vlan50 logical
nameif ethernet0 zone00 security99
nameif ethernet1 inside security100
nameif gb-ethernet0 intf2 security4
nameif gb-ethernet1 intf3 security6
nameif vlan10 zone0 security90
nameif vlan11 zone1 security80
nameif vlan12 zone2 security70
nameif vlan13 zone3 security60
nameif vlan14 zone4 security50
nameif vlan15 zonef security40
nameif vlan50 zoned security20
hostname Pix525
domain-name ciscopix.com
clock timezone IRST 3 30
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol icmp error
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list zone00 permit tcp any any
access-list zone00 permit udp any any
access-list zone00 permit icmp any any
access-list zone00 permit icmp any any echo
access-list zone00 permit icmp any any echo-reply
access-list inside permit tcp any any
access-list inside permit udp any any
access-list inside permit icmp any any
access-list inside permit icmp any any echo
access-list inside permit icmp any any echo-reply
access-list zone0 permit tcp any any
access-list zone0 permit udp any any
access-list zone0 permit icmp any any
access-list zone0 permit icmp any any echo
access-list zone0 permit icmp any any echo-reply
access-list zone0 deny tcp any any gt 1024
access-list zone0 deny udp any any gt 1024
access-list zone1 permit tcp any any eq 1503
access-list zone1 permit tcp any any eq h323
access-list zone1 permit icmp any host 192.168.1.15
access-list zone1 permit udp any any eq 1433
access-list zone1 permit udp any any eq 1434
access-list zone1 permit tcp any any eq 1434
access-list zone1 permit tcp any any eq 1433
access-list zone1 permit tcp any any eq 3389
access-list zone1 permit udp any any eq 3389
access-list zone1 deny tcp any any gt 1024
access-list zone1 deny udp any any gt 1024
access-list zone1 permit tcp any any
access-list zone1 permit udp any any
access-list zone1 permit icmp any any
access-list zone2 permit tcp any any eq 1503
access-list zone2 permit tcp any any eq h323
access-list zone2 permit icmp any host 192.168.2.15
access-list zone2 permit udp any any eq 1433
access-list zone2 permit udp any any eq 1434
access-list zone2 permit tcp any any eq 1434
access-list zone2 permit tcp any any eq 1433
access-list zone2 permit tcp any any eq 3389
access-list zone2 permit udp any any eq 3389
access-list zone2 deny tcp any any gt 1024
access-list zone2 deny udp any any gt 1024
access-list zone2 permit tcp any any
access-list zone2 permit udp any any
access-list zone2 permit icmp any any
access-list zone3 permit tcp any any eq 1503
access-list zone3 permit tcp any any eq h323
access-list zone3 permit icmp any host 192.168.3.15
access-list zone3 permit udp any any eq 1433
access-list zone3 permit udp any any eq 1434
access-list zone3 permit tcp any any eq 1434
access-list zone3 permit tcp any any eq 1433
access-list zone3 permit tcp any any eq 3389
access-list zone3 permit udp any any eq 3389
access-list zone3 deny tcp any any gt 1024
access-list zone3 deny udp any any gt 1024
access-list zone3 permit tcp any any
access-list zone3 permit udp any any
access-list zone3 permit icmp any any
access-list zone4 permit tcp any any eq 1503
access-list zone4 permit tcp any any eq h323
access-list zone4 permit icmp any host 192.168.4.15
access-list zone4 permit udp any any eq 1433
access-list zone4 permit udp any any eq 1434
access-list zone4 permit tcp any any eq 1434
access-list zone4 permit tcp any any eq 1433
access-list zone4 permit tcp any any eq 3389
access-list zone4 permit udp any any eq 3389
access-list zone4 deny tcp any any gt 1024
access-list zone4 deny udp any any gt 1024
access-list zone4 permit tcp any any
access-list zone4 permit udp any any
access-list zone4 permit icmp any any
access-list zonef permit tcp any any eq 1503
access-list zonef permit tcp any any eq h323
access-list zonef permit icmp any host 192.168.10.15
access-list zonef permit udp any any eq 1433
access-list zonef permit udp any any eq 1434
access-list zonef permit tcp any any eq 1434
access-list zonef permit tcp any any eq 1433
access-list zonef permit tcp any any eq 3389
access-list zonef permit udp any any eq 3389
access-list zonef deny tcp any any gt 1024
access-list zonef deny udp any any gt 1024
access-list zonef permit tcp any any
access-list zonef permit udp any any
access-list zonef permit icmp any any
access-list zoned permit tcp any any
access-list zoned permit udp any any
access-list zoned permit icmp any any
access-list zoned permit icmp any any echo
access-list zoned permit icmp any any echo-reply
pager lines 24
logging on
logging timestamp
logging trap debugging
logging history debugging
logging host zone0 192.168.0.10 6/1468
mtu zone00 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
no ip address zone00
ip address inside 192.168.250.105 255.255.255.0
no ip address intf2
no ip address intf3
ip address zone0 192.168.0.15 255.255.255.0
ip address zone1 192.168.1.15 255.255.255.0
ip address zone2 192.168.2.15 255.255.255.0
ip address zone3 192.168.3.15 255.255.255.0
ip address zone4 192.168.4.15 255.255.255.0
ip address zonef 192.168.10.15 255.255.255.0
ip address zoned 10.68.146.15 255.255.255.0
ip verify reverse-path interface zone00
ip verify reverse-path interface inside
ip verify reverse-path interface zone0
ip verify reverse-path interface zone1
ip verify reverse-path interface zone2
ip verify reverse-path interface zone3
ip verify reverse-path interface zone4
ip verify reverse-path interface zonef
multicast interface zone00
multicast interface zone0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address zone00
no failover ip address inside
no failover ip address intf2
no failover ip address intf3
no failover ip address zone0
no failover ip address zone1
no failover ip address zone2
no failover ip address zone3
no failover ip address zone4
no failover ip address zonef
no failover ip address zoned
pdm location 192.168.0.0 255.255.255.0 zone0
pdm location 192.168.0.10 255.255.255.255 zone0
pdm location 10.68.146.0 255.255.255.0 zoned
pdm location 10.68.16.0 255.255.255.0 zoned
pdm location 172.16.0.0 255.255.0.0 zoned
pdm history enable
arp timeout 14400
static (zone1,zone0) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (zone2,zone0) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (zone3,zone0) 192.168.3.0 192.168.3.0 netmask 255.255.255.0 0 0
static (zone4,zone0) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
static (zone0,zone1) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
static (zone2,zone1) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (zone3,zone1) 192.168.3.0 192.168.3.0 netmask 255.255.255.0 0 0
static (zone4,zone1) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
static (zone1,zone2) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (zone0,zone2) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
static (zone3,zone2) 192.168.3.0 192.168.3.0 netmask 255.255.255.0 0 0
static (zone4,zone2) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
static (zone1,zone3) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (zone2,zone3) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (zone0,zone3) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
static (zone4,zone3) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
static (zone1,zone4) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (zone2,zone4) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (zone3,zone4) 192.168.3.0 192.168.3.0 netmask 255.255.255.0 0 0
static (zone0,zone4) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
static (zone0,zonef) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
static (zone1,zonef) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (zone2,zonef) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (zone3,zonef) 192.168.3.0 192.168.3.0 netmask 255.255.255.0 0 0
static (zone4,zonef) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
static (zonef,zone0) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0
static (zonef,zone1) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0
static (zonef,zone2) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0
static (zonef,zone3) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0
static (zonef,zone4) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0
static (zone0,zoned) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
static (zoned,zone0) 10.68.146.0 10.68.146.0 netmask 255.255.255.0 0 0
access-group zone00 in interface zone00
access-group inside in interface inside
access-group zone0 in interface zone0
access-group zone1 in interface zone1
access-group zone2 in interface zone2
access-group zone3 in interface zone3
access-group zone4 in interface zone4
access-group zonef in interface zonef
access-group zoned in interface zoned
rip zoned passive version 2
route zoned 10.68.16.0 255.255.255.0 10.68.146.1 1
route zoned 172.16.0.0 255.255.0.0 10.68.146.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 zone0
snmp-server enable traps
tftp-server zone0 192.168.0.140 config.txt
no floodguard enable
telnet timeout 1
ssh 192.168.0.0 255.255.255.0 zone0
ssh timeout 5
management-access zone0
console timeout 0
terminal width 80

*************Cisco800 CONFIG :*****************
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SHAHR-CO
!
enable secret 5 XXXX
!
username SHAHR-CO password 7 XXX
no ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Ethernet0
 ip address 10.68.146.1 255.255.255.0
 no keepalive
 hold-queue 100 out
!
interface ATM0
 ip address 172.16.2.41 255.255.255.252
 no atm ilmi-keepalive
 pvc 1/1
  protocol ip 172.16.2.42 broadcast
 !
 dsl equipment-type CO
 dsl operating-mode GSHDSL symmetric annex A
 dsl linerate AUTO
!
router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
!
ip classless
ip route 10.68.146.0 255.255.255.0 10.68.146.15
ip route 192.168.0.0 255.255.0.0 10.68.146.15
ip http server
!
!
route-map t permit 10
!
!
line con 0
 exec-timeout 120 0
 stopbits 1
line vty 0
 access-class 1 in
 exec-timeout 120 0
 password 7 XXX
 login local
 length 0
line vty 1 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
end

*********Cisco800 Route Out And Trace :**************
SHAHR-CO#traceroute 10.68.16.2
Type escape sequence to abort.
Tracing the route to 10.68.16.2
  1 172.16.2.42 12 msec 8 msec 8 msec
  2 172.16.11.58 8 msec 8 msec 24 msec
  3 172.16.11.5 8 msec 8 msec 8 msec
  4 172.16.1.33 48 msec 16 msec 16 msec
  5 10.68.16.2 40 msec 20 msec 20 msec
SHAHR-CO#
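
An added example, not part of the original post: a check for access-list entries that an earlier entry in the same list already matches, run over the zone0 and zone1 lists copied from the config above and related to the stated goal of denying unwanted access between zones. It assumes the ACLs are evaluated top-down with the first match winning, and it handles only the rule forms that appear in this config; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# ACL lines copied from the posted PIX config (zone0 and zone1 only).
SAMPLE_CONFIG = """\
access-list zone0 permit tcp any any
access-list zone0 permit udp any any
access-list zone0 permit icmp any any
access-list zone0 permit icmp any any echo
access-list zone0 permit icmp any any echo-reply
access-list zone0 deny tcp any any gt 1024
access-list zone0 deny udp any any gt 1024
access-list zone1 permit tcp any any eq 1503
access-list zone1 permit tcp any any eq h323
access-list zone1 permit icmp any host 192.168.1.15
access-list zone1 permit udp any any eq 1433
access-list zone1 permit udp any any eq 1434
access-list zone1 permit tcp any any eq 1434
access-list zone1 permit tcp any any eq 1433
access-list zone1 permit tcp any any eq 3389
access-list zone1 permit udp any any eq 3389
access-list zone1 deny tcp any any gt 1024
access-list zone1 deny udp any any gt 1024
access-list zone1 permit tcp any any
access-list zone1 permit udp any any
access-list zone1 permit icmp any any
"""

ANY = ipaddress.ip_network("0.0.0.0/0")
NAMED_PORTS = {"h323": 1720}  # the only port name used in the posted ACLs

def take_addr(tokens):
    """Pop one address spec from the token list: 'any', 'host A' or 'A MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def port_range(tokens):
    """Turn an optional 'eq|gt|lt PORT' into an inclusive (low, high) range."""
    if not tokens:
        return (0, 65535)
    op, value = tokens[0], tokens[1]
    port = NAMED_PORTS[value] if value in NAMED_PORTS else int(value)
    return {"eq": (port, port), "gt": (port + 1, 65535), "lt": (0, port - 1)}[op]

def parse_rule(line):
    """Parse 'access-list NAME ACTION PROTO SRC DST [QUALIFIER]'."""
    tokens = line.split()
    name, action, proto = tokens[1:4]
    rest = tokens[4:]
    src, dst = take_addr(rest), take_addr(rest)
    # ICMP: optional type name (None = every type); TCP/UDP: port range.
    qual = (rest[0] if rest else None) if proto == "icmp" else port_range(rest)
    return {"acl": name, "action": action, "proto": proto, "src": src,
            "dst": dst, "qual": qual, "text": " ".join(tokens[2:])}

def covers(early, late):
    """True if every packet matching 'late' already matches 'early'."""
    if early["proto"] != late["proto"]:
        return False
    if not (late["src"].subnet_of(early["src"]) and late["dst"].subnet_of(early["dst"])):
        return False
    if early["proto"] == "icmp":
        return early["qual"] is None or early["qual"] == late["qual"]
    return early["qual"][0] <= late["qual"][0] and late["qual"][1] <= early["qual"][1]

def find_shadowed(config_text):
    """Return (acl, rule, earlier_rule, kind) for rules that can never match."""
    acls, findings = defaultdict(list), []
    for line in config_text.splitlines():
        if not line.startswith("access-list "):
            continue
        rule = parse_rule(line)
        for earlier in acls[rule["acl"]]:
            if covers(earlier, rule):
                kind = "redundant" if earlier["action"] == rule["action"] else "never-applied"
                findings.append((rule["acl"], rule["text"], earlier["text"], kind))
                break
        acls[rule["acl"]].append(rule)
    return findings

if __name__ == "__main__":
    for acl, rule, earlier, kind in find_shadowed(SAMPLE_CONFIG):
        print(f"{acl}: '{rule}' is {kind}; '{earlier}' matches first")
```

In zone0 both `deny ... gt 1024` entries come after `permit tcp any any` and `permit udp any any`, so under first-match evaluation they never take effect; in zone1 the denies precede the broad permits and nothing is shadowed.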