PIX 501 with Outside IP different from Gateway

Unanswered Question
Mar 13th, 2008

I have an interesting PIX issue. A client is trying to route outside traffic to a gateway in a different subnet. I have never seen this configuration before. According to the ISP, I need to run the following config.:

ip address outside 206.138.x.x

route outside 0 0

route outside <outside IP>

I'm pretty sure this will not work, but I'm curious is anyone has ever done this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sundar.palaniappan Thu, 03/13/2008 - 13:50

I know a router can do this. Router does this by doing recursive route lookup and gets the next hop (gateway) info.

But, I wasn't sure about it on a PIX. I went ahead and configured my lab PIX to test and it sure does work the same way.

Though it works it has some downside you may want to be aware of. Recursive route look up would put additional burden on the PIX cpu. If possible, you should avoid this type of configuration.



sundar.palaniappan Thu, 03/13/2008 - 14:31


It's not a command but a process that router uses.

I shall try to explain this with an example.


int e0

ip add

int e1

ip add

ip route

ip route

When a packet arrives on e1 destined to The router would do a route lookup and determine the next hop is, which isn't one of the connected networks. This is when it would do a recursive route lookup to see if it has a route to and since it does via, which is directly connected, it would send the packet over to

Can I ask you why is it that you would want a route point to the next hop address that's not directly connnected.



crawford.j Thu, 03/13/2008 - 14:37

The issue seems to extend around a clients home office setup. Appearently, there is an ISP whos' directly connected router is in one subnet (private addressing) and the issued client subnet is a Public address. So in this instance the PIX is staticly assigned and Public IP, but has a private IP as the gateway.


This Discussion