08-15-2008 12:50 AM - edited 03-03-2019 11:09 PM
Hi all. I have a Cisco PIX 515E where the internal IP is 192.168.1.254 and the DMZ IP is 192.168.2.254. I have a router with the IP 192.168.1.253 on the 192.168.1.0/24 subnet, which connects to the 192.168.3.0/24 subnet. There is a server on my DMZ with the IP 192.168.2.x that I want to connect to another server in the 192.168.3.0/24 subnet. Hence I would like to add a static route on my PIX as below.
route 192.168.3.0 255.255.255.0 192.168.1.253
I understand that the Cisco PIX 515E with version 6.x cannot do hairpinning, which is routing using the same interface. Hence for this scenario (which is not hairpinning), will the server in the DMZ be able to access the server 192.168.3.x after I add the above static route? Thanks in advance.
08-15-2008 01:42 AM
route inside 192.168.3.0 255.255.255.0 192.168.1.253
and you need a route on the router as well
like
ip route 192.168.2.0 255.255.255.0 192.168.1.254
and you need the following ACL on the PIX
access-list 100 permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-group 100 in interface dmz
good luck
please, if helpful rate
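A small offline sanity check for the kind of lines discussed in this thread, added here as an example and not part of any poster's message: it verifies that a PIX 6.x static route names an interface and points at a gateway on that interface's subnet, that an ACL line covers a given flow, and whether a flow would hairpin. The function names are hypothetical and the host addresses 192.168.2.10, 192.168.1.10 and 192.168.3.10 are constructed samples.

```python
import ipaddress

# Topology taken from the thread: PIX interface addresses (/24 each).
PIX_IFACES = {
    "inside": ipaddress.ip_interface("192.168.1.254/24"),
    "dmz": ipaddress.ip_interface("192.168.2.254/24"),
}

def route_problems(line):
    """Check a PIX 6.x 'route <if> <net> <mask> <gateway>' line."""
    try:
        _, ifname, net, mask, gw = line.split()
        dest = ipaddress.ip_network(f"{net}/{mask}")
        gateway = ipaddress.ip_address(gw)
    except ValueError as exc:  # wrong token count or malformed address
        return [f"unparseable: {exc}"]
    if ifname not in PIX_IFACES:
        return [f"unknown interface {ifname!r}"]
    problems = []
    iface = PIX_IFACES[ifname]
    if gateway not in iface.network:
        problems.append(f"gateway {gateway} is not on the {ifname} subnet")
    if gateway == iface.ip:
        problems.append("gateway is the PIX's own address")
    if any(dest.overlaps(i.network) for i in PIX_IFACES.values()):
        problems.append(f"{dest} overlaps a directly connected subnet")
    return problems

def acl_permits(line, src, dst):
    """True if 'access-list <id> permit ip <src> <mask> <dst> <mask>' covers src -> dst."""
    tok = line.split()
    if len(tok) != 8 or tok[:1] + tok[2:4] != ["access-list", "permit", "ip"]:
        return False
    src_net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")  # PIX ACLs use netmasks
    dst_net = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
    return (ipaddress.ip_address(src) in src_net
            and ipaddress.ip_address(dst) in dst_net)

def is_hairpin(src, route_line):
    """True if the flow would leave on the interface it arrived on."""
    egress = route_line.split()[1]
    ingress = next(name for name, i in PIX_IFACES.items()
                   if ipaddress.ip_address(src) in i.network)
    return ingress == egress

if __name__ == "__main__":
    route = "route inside 192.168.3.0 255.255.255.0 192.168.1.253"
    print(route_problems(route), is_hairpin("192.168.2.10", route))
```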
08-15-2008 06:50 AM
Hi Marwanshawi,
Thanks for the advice. I forgot about the return path, thank you for highlighting it to me. Basically I posted this question because my boss says adding static routes to a firewall is not possible. However, I feel that as long as it's not hairpinning, static routes added to the firewall would work.
08-15-2008 10:19 AM
Based on your config, it works for sure
good luck
please, if helpful rate