Need to know about routing entry which is configured in Pix Firewall

Unanswered Question
Feb 29th, 2008

If one of the routers is installed inside the security zone of the PIX firewall and the PIX is connected directly to the router, and the IP address of one point of the router is (e0), the firewall IP is (inside), the router IP is (e1), the route that has been set on the router is (this command for all traffic network will go through and the route command set in the PIX is {outside IP Address (Whatever)} because all inside traffic will pass from the outside interface. All of the above configuration I understand, but my question is why we need to create the route command in the PIX firewall (, I am not able to understand the use of this command. Please e-mail me on [email protected]

Thanks Vinay Gupta.

cdusio Sat, 03/01/2008 - 05:18

That command tells the firewall how to reach the 10 network. If you don't have it, the firewall won't know where to send return traffic.

ray_stone Sat, 03/01/2008 - 09:11

OK, thanks sir. If I add one other router inside the router, I mean here the firewall is connected with a router and that router is also connected to one more router, then does it require any other command on the firewall for the newly added router?

munawar.zeeshan Fri, 03/07/2008 - 07:25

You will need to have


You have to point the network of your new router towards the old router's e0, and your old router must have proper routing configured to reach the new router's network.

Rate if help.

JORGE RODRIGUEZ Fri, 03/07/2008 - 08:11

Ray, if connecting a second router, the same principle applies as for the first router's pix/asa static route entry. You indicated you already have one router connected to inside under the network with ip, for sake of example say your second router ip that you are connecting to asa in inside is and that router advertises another network e.g then you need to tell pix/asa how to reach net.

route entry should be:

route inside 1
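The routing decision discussed in the replies above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a firewall routing table, showing where traffic for an inside network goes with and without its static route. All addresses, the `lookup` helper and the table names are constructed for illustration; only the "10 network" comes from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (interface, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    return None if best is None else (best[1], best[2])

# Constructed addressing (assumptions, not taken from the thread).
BASE = [
    ("192.168.1.0/24", "inside", None),         # connected: firewall inside segment
    ("203.0.113.0/24", "outside", None),        # connected: firewall outside segment
    ("0.0.0.0/0", "outside", "203.0.113.254"),  # default route to the public router
]
# Static routes, in PIX form "route inside <network> <mask> <gateway> 1":
FIRST_ROUTER = [("10.0.0.0/8", "inside", "192.168.1.2")]      # net behind first router
SECOND_ROUTER = [("172.16.0.0/16", "inside", "192.168.1.3")]  # net behind second router

def describe(table, dst):
    """Human-readable forwarding decision for one destination."""
    iface, hop = lookup(table, dst)
    return f"{dst} -> {iface} via {hop or 'directly connected'}"

if __name__ == "__main__":
    cases = [
        ("no static routes", BASE),
        ("first router only", BASE + FIRST_ROUTER),
        ("both routers", BASE + FIRST_ROUTER + SECOND_ROUTER),
    ]
    for name, table in cases:
        print(name)
        # Return traffic for hosts behind each inside router.
        for dst in ("10.1.1.50", "172.16.5.9"):
            print("  " + describe(table, dst))
```

Without the matching static route, return traffic for a network behind an inside router matches only the default route and leaves through the outside interface, so it never reaches the inside host.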

ray_stone Fri, 03/07/2008 - 10:00

It means that if a number of routers are added, then every time it needs a new route command to tell the PIX how to reach the newly added network. But one point of confusion is here: does it require this kind of command on the public router, where we just put only a default route and don't put any command for return traffic as we do for the PIX?