Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: Firewall-1,Sun,CISCO,Class"B"address
From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Date: 5 Sep 96 9:42:53 EDT
To: "John H. Kerr" <jhkerr @ ashton . csc . com>
Cc: firewalls <firewalls @ sybase . com>

SunOS can't deal with variable-length
subnet masks, so having 172.16.1.0
and 172.16.0.0 in its route tables
will just confuse it.

Either change the inside interface
address to a subnet mask of
255.255.0.0 and use proxy arp on
the Cisco, or put in a route entry for
each subnet on the inside with
a subnet mask of 255.255.255.0.

    Ryan

---------- Previous Message ----------
To: firewalls
cc: 
From: jhkerr @ ashton.csc.com ("John H. Kerr") @ smtp
Date: 08/31/96 05:27:32 PM
Subject: Firewall-1,Sun,CISCO,Class"B"address

I was wondering if anyone has a solution to this problem.  I have a Sun 
Sparc5 running SunOS 4.1.3, with this I have Firewall-1 2.0 running on 
top of it.  I also have a CISCO 4000 set up as an Internal router.  The 
problem that I'm having is that I'm unable to receive information back to 
my machines sitting behind the Internal router.  The exact trouble seems 
to be the firewall does not know how to route back into my "Internal" 
networks.  The setup is like this:


Internet ------ ISP Router ----- FW ----- CISCO 4000 ------ Internal Nets
                      172.16.1.0    172.16.2.0              172.16.*

I initially set the routing table on the FW to be

 DEST        Nexthop
 172.16.1    172.16.1.1 (local)
 172.16.2    172.16.2.1 (local)
 default     ISP router
 172.16.0.0  CISCO 4000

This didn't work.
I turned routed on within the Firewall, but when I did, the default route 
(0.0.0.0) from the CISCO added a *new* default route to the Firewall.
 
 default  Cisco

and it took precedence over the one I installed.  Since the FW and the 
CISCO ping-ponged packets all day, nothing communicated.  The default 
route of the CISCO router is overriding the default route that I have set 
on the FW.  I have set the Metric Flag on the router to be higher than 
the FW in hopes that the FW would take precedence, but this did not 
work.  Is there a way to set something up on the SUN to force its default 
route to be used or is there a way to stop the CISCO's default route from 
taking over?  I also tried not setting the 'route of last resort' on the 
CISCO hoping that the RIP update from the FW would fill in the default 
route.  It didn't.  Shouldn't this work?  Is there a way on the CISCO to 
set a default route and not have it sent out in a routing update?  BTW, 
what is the proper way to set the default route on a CISCO?   I've been 
using:

ip route 0.0.0.0 172.16.2.1

Has anyone else with a class "B" address run into this problem before?  I 
know this can be solved if I obtained a class C, subnet it, and use it on 
either side of the FW.  That way there would be an unambiguous route to 
172.16 from the FW's point of view.  However that's not an option right 
now.  Any help is appreciated.
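
Added example, not part of either message above: a simplified model of a classful route lookup that applies one subnet mask per classful network, showing why the 172.16.0.0 entry never matches an inside host and why per-subnet routes do. The lookup logic is an assumption about how such a host behaves, and the inside subnets 172.16.5.0 and 172.16.6.0 are constructed for illustration.

```python
import ipaddress

IFACE_MASK = 0xFFFFFF00  # 255.255.255.0, the mask on the firewall's interfaces

def ip(s):
    return int(ipaddress.IPv4Address(s))

def classful_net(addr):
    """Network number implied by the address class (A, B or C)."""
    top = addr >> 24
    if top < 128:
        return addr & 0xFF000000
    if top < 192:
        return addr & 0xFFFF0000
    return addr & 0xFFFFFF00

def route_key(addr, local_net):
    # Assumed behaviour: inside the host's own classful network, the single
    # interface mask is applied to every destination (no variable-length masks).
    if classful_net(addr) == local_net:
        return addr & IFACE_MASK
    return classful_net(addr)

def lookup(table, dst, local_net=ip("172.16.0.0")):
    """Return the next hop for dst: exact match on the route key, else default."""
    key = route_key(ip(dst), local_net)
    for dest, hop in table:
        if dest != "default" and ip(dest) == key:
            return hop
    return dict(table).get("default", "unreachable")

# Table from the original question.
ORIGINAL = [("172.16.1.0", "172.16.1.1 (local)"),
            ("172.16.2.0", "172.16.2.1 (local)"),
            ("default", "ISP router"),
            ("172.16.0.0", "CISCO 4000")]

# Second option from the reply: one /24 route per inside subnet (constructed subnets).
FIXED = ORIGINAL[:3] + [("172.16.5.0", "CISCO 4000"),
                        ("172.16.6.0", "CISCO 4000")]

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("fixed", FIXED)):
        for dst in ("172.16.2.7", "172.16.5.9", "192.0.2.10"):
            print(f"{name:8} {dst:12} -> {lookup(table, dst)}")
```

In this model the original table sends 172.16.5.9 to the default route, so traffic for inside hosts heads toward the ISP router instead of the CISCO 4000.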




