PIX 501 with Outside IP different from Gateway

crawford.j
Level 1

I have an interesting PIX issue. A client is trying to route outside traffic to a gateway in a different subnet. I have never seen this configuration before. According to the ISP, I need to run the following config:

ip address outside 206.138.x.x 255.255.255.0

route outside 0 0 10.1.7.1

route outside 10.1.7.0 255.255.255.0 <outside IP>

I'm pretty sure this will not work, but I'm curious if anyone has ever done this?


I know a router can do this. A router does this by doing a recursive route lookup to get the next hop (gateway) info.

But I wasn't sure about it on a PIX. I went ahead and configured my lab PIX to test, and it sure does work the same way.

Though it works, it has a downside you may want to be aware of. Recursive route lookup would put an additional burden on the PIX CPU. If possible, you should avoid this type of configuration.

HTH

Sundar

Sundar,

What were the recursive route lookup commands?

John,

It's not a command but a process that the router uses.

I shall try to explain this with an example.

Eg.

int e0

ip add 192.168.1.1 255.255.255.0

int e1

ip add 5.5.5.5 255.255.255.0

ip route 10.1.1.0 255.255.255.0 172.16.1.1

ip route 172.16.1.1 255.255.255.255 192.168.1.2

When a packet arrives on e1 destined to 10.1.1.1, the router would do a route lookup and determine the next hop is 172.16.1.1, which isn't one of the connected networks. This is when it would do a recursive route lookup to see if it has a route to 172.16.1.1, and since it does via 192.168.1.2, which is directly connected, it would send the packet over to 192.168.1.2.

Can I ask you why it is that you would want a route to point to a next hop address that's not directly connected?

HTH

Sundar
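
The lookup described in the reply above, as an added example that is not part of the original thread: a small Python model of recursive next-hop resolution over the two static routes and the e0 network from that post. The function names, the loop guard, the depth limit and reading e1's mask as 255.255.255.0 are assumptions of this sketch, not PIX or IOS behaviour taken from the thread.

```python
import ipaddress

# Constructed tables mirroring the router example in the reply above.
CONNECTED = {
    "e0": ipaddress.ip_network("192.168.1.0/24"),
    "e1": ipaddress.ip_network("5.5.5.0/24"),  # mask assumed to be /24
}
STATIC = [
    (ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_address("172.16.1.1")),
    (ipaddress.ip_network("172.16.1.1/32"), ipaddress.ip_address("192.168.1.2")),
]


def connected_interface(addr, connected):
    """Name of the interface whose subnet contains addr, or None."""
    for name, net in connected.items():
        if addr in net:
            return name
    return None


def longest_match(addr, static):
    """Most specific static route covering addr, or None."""
    matches = [(net, nh) for net, nh in static if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def resolve(dest, static=STATIC, connected=CONNECTED, max_depth=8):
    """Return (egress interface, on-link next hop, next hops looked up)."""
    hop = ipaddress.ip_address(dest)
    seen = []  # every next hop taken from a static route, in order
    while len(seen) < max_depth:
        ifname = connected_interface(hop, connected)
        if ifname is not None:
            # hop is on a connected subnet: the recursion ends here
            return ifname, str(hop), [str(s) for s in seen]
        route = longest_match(hop, static)
        if route is None:
            raise LookupError(f"no route to {hop}")
        if route[1] in seen:
            raise LookupError(f"routing loop via {route[1]}")
        seen.append(route[1])
        hop = route[1]  # recurse: now look up the next hop itself
    raise LookupError("recursion depth exceeded")


if __name__ == "__main__":
    print(resolve("10.1.1.1"))
```

Each entry in the returned list is one extra table lookup per unresolved next hop, which is the additional work the earlier reply warns about.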

The issue seems to extend around a client's home office setup. Apparently, there is an ISP whose directly connected router is in one subnet (private addressing) and the issued client subnet is a public address. So in this instance the PIX is statically assigned a public IP, but has a private IP as the gateway.

Can you post a sanitized copy of the PIX configuration and the ISP router addresses?
