PIX routing

Unanswered Question
Jan 14th, 2010

My PIX 535 handles the routing on my network. The situation is this: I have a "source IP" that hits a "target IP" on one interface of the PIX for incoming and when I initiate traffic from my server it goes out to the SAME "source IP" on a different interface on the PIX for outgoing.

So for incoming traffic, I use these 2 commands to make the connection work:

static (vpnfront,dmz2) "Source IP" "Source IP" netmask 255.255.255.255

route vpnfront "Source IP" 255.255.255.255 "Outside VPN interface" 1

For outgoing traffic, I use these 2 commands to make the connection work:

static (vpnback,dmz2) "Source IP" "Source IP" netmask 255.255.255.255
route vpnback "Source IP" 255.255.255.255 "Inside VPN Interface" 1

So the problem is I can't have BOTH static NAT and route for the SAME IP because the PIX simply doesn't really know what to do in this situation. So how do I go about fixing this problem? I need to be able to have incoming and outgoing traffic without having to manually delete and add the NAT and route...


Hi,

I'm not really sure why you want to have the two directions split, but you might have an obvious reason for that.

I'm afraid that PIX will not be able to route the outgoing traffic to the same source IP through two different interfaces conditionally based on the traffic direction.

Somehow you should use two different IP addresses at the source to be able to distinguish.

Hope it helps, rate if it does

Krisztian

allele333 Thu, 01/14/2010 - 08:01

Yes, a different one would be ideal, but the "source IP" is a client IP and they don't have another one they can use... Yeah, I was afraid of that... Thanks for the input.
