cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
350
Views
5
Helpful
1
Replies

Does PIX 501 v6.3(5) support asymmetrical/asynchronous routing?

a.ajiboye
Level 1
Level 1

Hi,

I have got a PIX 501 running OS 6.3(5). This PIX is connected to a Layer 3 switch with two VLANs set up on it. Data VLAN has the IP address 192.168.1.253 and has PCs connected to it. Voice VLAN has the IP address 192.168.2.254 and has IP phones connected to it.

The PIX is connected to the Data VLAN on the switch and has Inside Interface IP address 192.168.1.254.

When PCs have the default gateway of 192.68.1.253 they can ping hosts on the 192.168.2.0/24 network.

However, when the default gateway of the PCs are changed to 192.168.1.254 (PIX inside interface IP address), they cannot ping any node on the 192.168.2.0/24 network.

The PIX has this static route configured: route inside 192.168.2.0 255.255.255.0 192.168.1.253 1

Does PIX 501 v6.3(5) support asymmetrical/asynchronous routing?

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

What you need is a feature called "hairpinning" where the firewall can send traffic back out of the interface it was received on.

Pix/ASA v7.x code and upwards supports hairpinning but 6.x code does not. Unfortunately you cannot run v7.x code on either the pix 501 or the pix 506E so you will not be able to do this.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: