> > I have a Sun
> > Sparc5 running SunOS 4.1.3, with this I have Firewall-1 2.0 running on
> > top of it. I also have a CISCO 4000 setup as an Internal router. The
> > problem that I'm having is that I'm unable to receive information back to
> > my machines sitting behind the Internal router. The exact trouble seems
> > to be the firewall does not know how to route back into my "Internal"
> > networks. The setup is like this:
> >
> >
> > Internet ------ ISP Router ----- FW ----- CISCO 4000 ------ Internal Nets
> >                       172.16.1.0      172.16.2.0              172.16.*
> >
> > I initially set the routing table on the FW to be
> >
> > DEST Nexthop
> > 172.16.1 172.16.1.1 (local)
> > 172.16.2 172.16.2.1 (local)
> > default ISP router
> > 172.16.0.0 CISCO 4000
> > This didn't work.
> > I turned routed on within the Firewall, but when I did, the default route
> > (0.0.0.0) from the CISCO added a *new* default route to the Firewall.
> >
> > default Cisco
> >
> > and it took precedence over the one I installed. Since the FW and the
> > CISCO ping-ponged packets all day, nothing communicated. The default
> > route of the CISCO router is overriding the default route that I have set
> > on the FW. I have set the Metric Flag on the router to be higher than
> > the FW in hopes that the FW would take precedence, but this did not
> > work. Is there a way to set something up on the SUN to force its default
> > route to be used or is there a way to stop the CISCO's default route from
> > taking over. I also tried not setting the 'route of last resort' on the
> > CISCO hoping that the RIP update from the FW would fill in the default
> > route. It didn't. Shouldn't this work? Is there a way on the CISCO to
> > set a default route and not have it sent out in a routing update? BTW,
> > what is the proper way to set the default route on a CISCO? I've been
> > using:
> To suppress broadcasting the default route from CISCO, configure as
> below:
>
> router rip
> network 172.16.0.0
> distribute-list access-list# out interface_name_to_FW
>
> access-list access-list# deny 0.0.0.0
> access-list access-list# permit any
>
> >
> > ip route 0.0.0.0 172.16.2.1
> >
> > Has anyone else with a class "B" address run into this problem before? I
> > know this can be solved if I obtained a class C, subnet it, and use it on
> > either side of the FW. That way there would be an unambiguous route to
> > 172.16 from the FW's point of view. However that's not an option right
> > now. Any help is appreciated.
> >
>
> I'm running a class B network with FW-1 and CISCO4500 like
> yours. I've installed gated-R3.5Beta3 on FW machine (SS-5/Solaris2.4)
> and run it instead of in.routed. On the configuration file
> (/etc/gated.conf), I defined the default route to ISP and configured
> it to be broadcasted to internal network through the ethernet
> port. This default route is distributed to all the internal network
> by CISCO 4500.
>
> Anyway gated is very fine. I strongly recommend installing it on your
> FW machine. You can get the latest version from
> ftp://ftp.gated.merit.edu/research.and.development/gated
>
> Nobuhiko Yoshimoto
>
> Nihon Keizaishimbun Inc. (The Nikkei)
> yoshi@nikkei.co.jp
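To make visible what the `distribute-list ... out` in the reply above does to a RIP update, here is an added example; it is not from the thread, not Cisco's code and not gated's. It is a small Python model of a standard access-list applied as an outbound route filter: entries are checked top to bottom, the first match decides, and anything unmatched hits the implicit deny at the end of the list. The route prefixes and the two access-lists are constructed for the demo; the second list deliberately leaves out the `permit any` line to show why that line matters.

```python
# Constructed model of a Cisco-style standard access-list used as a RIP
# outbound distribute-list (not Cisco's implementation). Added example.
import ipaddress
from typing import Iterable, List, Tuple

# One access-list entry: (action, address, wildcard mask).
# "permit any" is written as address 0.0.0.0 with wildcard 255.255.255.255;
# a bare "deny 0.0.0.0" has an implied wildcard of 0.0.0.0 (exact match).
AclEntry = Tuple[str, str, str]

# The filter from the reply: drop the default route, advertise everything else.
SUPPRESS_DEFAULT_ACL: List[AclEntry] = [
    ("deny", "0.0.0.0", "0.0.0.0"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

# Common mistake: only the deny line, so the implicit deny eats every route.
DENY_ONLY_ACL: List[AclEntry] = [
    ("deny", "0.0.0.0", "0.0.0.0"),
]

# Constructed RIP routing table of the internal router (the Cisco in the thread),
# including the "route of last resort" that must not reach the firewall.
SAMPLE_ROUTES: List[str] = [
    "0.0.0.0/0",        # default route, learned or static on the Cisco
    "172.16.0.0/16",    # the class B aggregate
    "172.16.2.0/24",    # FW <-> Cisco segment
    "172.16.10.0/24",   # an internal subnet
]


def acl_matches(entry: AclEntry, prefix: str) -> bool:
    """True if the route's network address matches the entry's address/wildcard.

    A standard access-list compares only the network address of the route;
    wildcard bits set to 1 mean "don't care", bits set to 0 must match.
    """
    _, addr, wildcard = entry
    network_addr = int(ipaddress.ip_network(prefix, strict=False).network_address)
    care_bits = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (network_addr & care_bits) == (int(ipaddress.ip_address(addr)) & care_bits)


def acl_action(acl: List[AclEntry], prefix: str) -> str:
    """First-match evaluation; unmatched prefixes fall through to the implicit deny."""
    for entry in acl:
        if acl_matches(entry, prefix):
            return entry[0]
    return "deny"


def rip_outbound_update(routes: Iterable[str], acl: List[AclEntry]) -> List[str]:
    """Routes that survive `distribute-list <acl> out <interface>` toward the FW."""
    return [r for r in routes if acl_action(acl, r) == "permit"]


if __name__ == "__main__":
    print("advertised with deny-default + permit-any:",
          rip_outbound_update(SAMPLE_ROUTES, SUPPRESS_DEFAULT_ACL))
    print("advertised with deny-only list:",
          rip_outbound_update(SAMPLE_ROUTES, DENY_ONLY_ACL))
```

Run as-is, the first list advertises the 172.16 routes and withholds 0.0.0.0/0, which is the behaviour the reply is after: the firewall keeps its own static default toward the ISP router and in.routed no longer has a competing default to install. The second list advertises nothing at all, so the firewall would also lose the routes back into the internal subnets; when checking a filter like this, confirm both that the default is gone and that the internal prefixes are still present.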