Does PIX 501 v6.3(5) support asymmetrical/asynchronous routing?

Nov 20th, 2008

Hi,

I have got a PIX 501 running OS 6.3(5). This PIX is connected to a Layer 3 switch with two VLANs set up on it. Data VLAN has the IP address 192.168.1.253 and has PCs connected to it. Voice VLAN has the IP address 192.168.2.254 and has IP phones connected to it.

The PIX is connected to the Data VLAN on the switch and has Inside Interface IP address 192.168.1.254.

When PCs have the default gateway of 192.68.1.253 they can ping hosts on the 192.168.2.0/24 network.

However, when the default gateway of the PCs is changed to 192.168.1.254 (PIX inside interface IP address), they cannot ping any node on the 192.168.2.0/24 network.

The PIX has this static route configured: route inside 192.168.2.0 255.255.255.0 192.168.1.253 1

Does PIX 501 v6.3(5) support asymmetrical/asynchronous routing?

Jon Marshall Thu, 11/20/2008 - 04:50

What you need is a feature called "hairpinning" where the firewall can send traffic back out of the interface it was received on.

PIX/ASA v7.x code and upwards supports hairpinning but 6.x code does not. Unfortunately, you cannot run v7.x code on either the PIX 501 or the PIX 506E, so you will not be able to do this.

Jon
