PIX routing

allele333
Level 1

My PIX 535 handles the routing on my network. The situation is this: I have a "source IP" that hits a "target IP" on one interface of the PIX for incoming and when I initiate traffic from my server it goes out to the SAME "source IP" on a different interface on the PIX for outgoing.

So for incoming traffic, I use these 2 commands to make the connection work:

static (vpnfront,dmz2) "Source IP" "Source IP" netmask 255.255.255.255

route vpnfront "Source IP" 255.255.255.255 "Outside VPN interface" 1

For outgoing traffic, I use these 2 commands to make the connection work:

static (vpnback,dmz2) "Source IP" "Source IP" netmask 255.255.255.255
route vpnback "Source IP" 255.255.255.255 "Inside VPN Interface" 1

So the problem is I can't have BOTH static nat and route for the SAME IP bc the PIX simply doesn't really know what to do in this situation. So how do I go about fixing this problem? I need to be able to have incoming and outgoing traffic without having to manually delete and add the nat and route...

2 Replies

kerek
Level 4

Hi,

I'm not really sure why you want to have the two directions split, but you might have an obvious reason for that.

I'm afraid that PIX will not be able to route the outgoing traffic to the same source IP through two different interfaces conditionally based on the traffic direction.

Somehow you should use two different IP addresses at the source to be able to distinguish.

Hope it helps, rate if it does

Krisztian

Yes, a different one would be ideal but the "source IP" is a client IP and they don't have another one they can use... Yeah, I was afraid of that... Thanks for the input.
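
An added example, not part of the original thread and not a Cisco tool: a small Python check that scans a PIX-style configuration for the conflict discussed above, where one host address has `route` or `static` entries tied to more than one interface. The sample configuration is constructed; documentation addresses stand in for the thread's "Source IP" and gateway placeholders, and fields are read positionally as they appear in the commands quoted in the question.

```python
import re
from collections import defaultdict

# Constructed sample: 192.0.2.10 stands in for the thread's "Source IP",
# 198.51.100.1 / 203.0.113.1 for the two VPN interface gateways.
SAMPLE_CONFIG = """\
static (vpnfront,dmz2) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
route vpnfront 192.0.2.10 255.255.255.255 198.51.100.1 1
static (vpnback,dmz2) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
route vpnback 192.0.2.10 255.255.255.255 203.0.113.1 1
route vpnfront 192.0.2.77 255.255.255.255 198.51.100.1 1
"""

# route <interface> <destination> <mask> <gateway> [metric]
ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\d+)?\s*$")
# static (<if_a>,<if_b>) <addr_b> <addr_a> netmask <mask>
STATIC_RE = re.compile(
    r"^static\s+\((\S+?),(\S+?)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)\s*$")


def find_conflicts(config_text):
    """Return {(kind, address, mask): sorted interfaces} for every address
    that is routed, or statically translated, via more than one interface."""
    seen = defaultdict(set)
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            ifname, dest, mask, _gateway = m.groups()
            seen[("route", dest, mask)].add(ifname)
            continue
        m = STATIC_RE.match(line)
        if m:
            if_a, if_b, addr_b, _addr_a, mask = m.groups()
            # Same address presented on if_b, but reached through
            # different if_a interfaces, is the ambiguous case.
            seen[("static->" + if_b, addr_b, mask)].add(if_a)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for (kind, addr, mask), ifs in sorted(find_conflicts(SAMPLE_CONFIG).items()):
        print(f"{kind} {addr} {mask}: entries on {', '.join(ifs)}")
```
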
