PIX as a router

Aug 14th, 2007

Hello guys, I need your guidance!


Is it possible to use the PIX 515E as a router? See the link below for the network topology.


http://img259.imageshack.us/img259/2831/pixasarouterns1.jpg


Referring to the network topology: the client wants the two subnets (192.168.1.0/24 and 192.168.2.0/24) to be able to access each other. In addition, both subnets should be able to access the web.




Jon Marshall Tue, 08/14/2007 - 16:58
Hi


Yes, you can do this. Presumably you have 3 interfaces on the PIX firewall?


How you set this up depends on what version of code you are running on your PIX, i.e. v6.x or v7.x.


Which version are you running on your PIX?


Jon

Rejohn Ronald Cuares Tue, 08/14/2007 - 23:10

It has 6 interfaces. I still don't know the version of the PIX 515E; however, I'm sure it is 7.x because it was bought last year, 2006.


By the way, each subnet contains 100+ users.

Correct Answer
Jon Marshall Tue, 08/14/2007 - 23:29

It would be a lot easier if it is version 7.x.


What you can do is make the 2 interfaces that connect to your internal subnets the same security level. Then add the following command to your config:


same-security-traffic permit inter-interface


This will allow traffic to flow freely between those 2 subnets without access-lists or NAT statements.


HTH


Jon
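
A configuration sketch of the setup the answer above describes, added here as an example and not part of the original thread or of Jon's reply. It assumes PIX 7.x and goes one step further by including PAT for the web access the question asks about; the interface names, gateway addresses, outside addressing (203.0.113.0/30 documentation range) and access-list names are constructed, and only the two subnets come from the question.

```cisco
! Constructed example for PIX 7.x; names and addresses are assumptions.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
 no shutdown
!
interface Ethernet1
 nameif lan1
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Ethernet2
 nameif lan2
 security-level 100
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Allow traffic between interfaces that share a security level
same-security-traffic permit inter-interface
!
! Keep traffic between the two subnets untranslated
access-list LAN1-NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list LAN2-NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (lan1) 0 access-list LAN1-NONAT
nat (lan2) 0 access-list LAN2-NONAT
!
! PAT both subnets to the outside interface address for web access
nat (lan1) 1 192.168.1.0 255.255.255.0
nat (lan2) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

With the command in place, the PIX forwards everything between lan1 and lan2 unless an access-list is bound to those interfaces with access-group, so that is where any restriction between the two user populations would go.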
