Hello,
I'm wondering if anybody has come up with a reasonable
solution to static routes for Windows 95/98/NT laptop users
in networks with a firewall and *another* gateway.
If we have a setup where:
- The default route points to the firewall on the local
network, and;
- You need an additional route to point to a gateway for
some private network (either via VPN or a private (leased line
or frame relay) link).
(e.g.: the route to 0.0.0.0 is 10.0.0.1 and the route to
172.16.0.0/16 is 10.0.0.2)
Specific problems I have run into include:
- With a PIX firewall, even you don't mind having packets
bounce off the PIX inside interface, it won't let you. If you
have a "route inside" statement, you get an error of the form:
106011: Deny inbound (No xlate) tcp
src inside:X.X.X.X/1047 dst inside:Y.Y.Y.Y/23
Which is the PIX's way of saying it refuses to receive a
packet on the inside interface and resend it to a gateway
on the inside. So you need a route on each host inside.
- If you have a "route add" in a startup .BAT file on a 95 or
98 PC or a "route add -p" on an NT PC, if it is a laptop and that
laptop travels to the remote network the "route add" is pointing
at, then you need a .BAT file to reverse the startup .BAT file.
I assume you might have similar problems with a *nix laptop.
Is there a way to get one of these systems to listen to
RIP or something similar ?
I think I can do this with DHCP, but at least one of the
networks involved is very small and it would be nice to avoid
having to to setup a DHCP server (and having one more server
piece to depend on).
Thanks in advance for any advice and help !
- Randy
-
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:27 PDT