Thursday, October 1, 2009

Fun with Dynamips – router broken by VRF-lite and PIX

Here is a nice and simple VRF-lite exercise: splitting the SW1 router into R1 and R2 routers and connecting them through a PIX firewall. I was able to ping from R2 (connected to the inside interface of the PIX) to R1, which is connected to the outside interface of the PIX firewall.

SW1

vtp file nvram:vlan.dat

ip vrf R1
description Router R1
!
ip vrf R2
description Router R2
interface Vlan10
ip vrf forwarding R1
ip address 1.1.1.1 255.255.255.0
!
interface Vlan20
ip vrf forwarding R2
ip address 2.2.2.2 255.255.255.0
router rip
version 2
!
address-family ipv4 vrf R2
network 2.0.0.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf R1
network 1.0.0.0
no auto-summary
exit-address-family
no cdp log mismatch duplex

SW1#sh vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/5, Fa1/6, Fa1/7
                                                Fa1/10, Fa1/11, Fa1/12, Fa1/13
                                                Fa1/14, Fa1/15
10   VLAN0010                         active    Fa1/8
20   VLAN0020                         active    Fa1/9

PIXFIREWALL

PIX Version 8.0(4)
!
hostname pixfirewall
!
interface Ethernet0
nameif outside
security-level 0
ip address 1.1.1.12 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 2.2.2.12 255.255.255.0
!
router rip
network 1.0.0.0
network 2.0.0.0
version 2

SW1#ping vrf R2 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/228/356 ms
SW1#

pixfirewall# sh service-policy global
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 0, drop 0, reset-drop 0
Inspect: ftp, packet 0, drop 0, reset-drop 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: rsh, packet 0, drop 0, reset-drop 0
Inspect: rtsp, packet 0, drop 0, reset-drop 0
Inspect: esmtp _default_esmtp_map, packet 0, drop 0, reset-drop 0
Inspect: sqlnet, packet 0, drop 0, reset-drop 0
Inspect: skinny , packet 0, drop 0, reset-drop 0
Inspect: sunrpc, packet 0, drop 0, reset-drop 0
Inspect: xdmcp, packet 0, drop 0, reset-drop 0
Inspect: sip , packet 0, drop 0, reset-drop 0
Inspect: netbios, packet 0, drop 0, reset-drop 0
Inspect: tftp, packet 0, drop 0, reset-drop 0
Inspect: icmp, packet 20, drop 0, reset-drop 0
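
An added example (not part of the original post): a small Python parser for the `sh service-policy global` output above that lists which inspection engines actually saw packets. The non-zero icmp counter is what shows the pings passed through the PIX's inspection engine. The function names are assumptions of this example; the sample text is copied from the output above, abridged to four engines.

```python
import re

# Lines copied from the "sh service-policy global" output on this page,
# abridged to four engines (including the awkward "skinny ," spacing).
SAMPLE = """\
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns preset_dns_map, packet 0, drop 0, reset-drop 0
Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
Inspect: skinny , packet 0, drop 0, reset-drop 0
Inspect: icmp, packet 20, drop 0, reset-drop 0
"""

INSPECT_RE = re.compile(
    r"^\s*Inspect:\s*(?P<engine>[^,]+?)\s*,\s*packet\s+(?P<packet>\d+),"
    r"\s*drop\s+(?P<drop>\d+),\s*reset-drop\s+(?P<reset>\d+)\s*$"
)
CLASS_RE = re.compile(r"^\s*Class-map:\s*(\S+)")

def parse_service_policy(text):
    """Return {class_map: {engine: {"packet", "drop", "reset-drop"}}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = result.setdefault(m.group(1), {})
            continue
        m = INSPECT_RE.match(line)
        if m and current is not None:
            current[m.group("engine")] = {
                "packet": int(m.group("packet")),
                "drop": int(m.group("drop")),
                "reset-drop": int(m.group("reset")),
            }
    return result

def active_engines(parsed):
    """Engines that inspected at least one packet: (class_map, engine, counters)."""
    return [
        (cm, eng, c) for cm, engines in parsed.items()
        for eng, c in engines.items() if c["packet"] > 0
    ]

if __name__ == "__main__":
    for cm, eng, c in active_engines(parse_service_policy(SAMPLE)):
        print(f"{cm}: {eng} packets={c['packet']} drops={c['drop']}")
```

Comparing the parsed counters before and after a test ping shows which engine handled the traffic and whether any of it was dropped.
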

Dynamips configuration file used:

autostart=false
[localhost:7200]
workingdir = C:\Documents and Settings\Dynamips\sec-iewb\wrk
[[3745]]
image = C:\Documents and Settings\Dynamips\images\C3745-AD.BIN
ram = 128
mmap = false
ghostios = true
sparsemem = true
[[Router SW1]]
model = 3745
console = 2012
slot1 = NM-16ESW
# pix1
F1/8 = PIX1 e0 # outside
F1/9 = PIX1 e1 # inside
F1/14 = PIX1 e2 # dmz
[pemu localhost]
[[525]]
image = C:\Documents and Settings\\Dynamips\images\pix804.bin
serial =
key =
[[FW PIX1]]
