Is it possible for config on PIX 515 v5.3(4)

Mar 17th, 2009

Hi all

I was wondering whether it's possible to define the same subnet that exists on both the inside and outside interfaces on a PIX 515 running ver 6.3(4). For instance a subnet of I'm setting up the PIX to receive RIP routing update from the inside router for routes. Also setup on the PIX is site-site VPN for subnet. Under normal circumstances, the PIX will route traffic for towards the inside router and should the WAN link to fails, the router stopped advertising to PIX. The PIX will then use a floating static route for (with AD=5) to route traffic towards the site-site VPN.

So far I've been able to define floating static routes and configure passive RIP on the PIX. Then I realised that I have to define the same subnet on two different interfaces and I don't think the PIX will like this.

Thanks for your help.

ldardon Mon, 03/23/2009 - 12:12

I think you should not configure the PIX inside and outside interface with the same subnet. The device will give some error. In this case PIX behaves like a router, so all of its interfaces should be in different networks. If the user wants to inspect the traffic in the same network then you can configure PIX in transparent mode. Now the PIX acts like a switch.

hobbe Tue, 03/24/2009 - 08:19

I do not think this would work well with the software version you have.

I cannot see a way for this to work properly.

There are several different problems with this. One would be how the interfaces would know what side the packet would need to be sent on.

vincent-n Tue, 03/24/2009 - 15:25

I've received an answer from a PIX/ASA engineer working at a large telecommunication organisation stating that it's quite alright to configure passive RIP on the inside interface and a floating static route for the same subnet/s on the outside interface. I'm going to set up a test network and see if this is possible or not. What I know now is that I've been able to configure passive RIP and floating static route on the PIX firewall. Check out the output on my firewall below:

Firewall# sho route | inc 10.1

inside 3 OTHER static

inside 2 RIP

outside 4 OTHER static

inside 2 RIP

outside 4 OTHER static


