How to add static routes with PIX?

jksnook · ‎02-05-2004

Is it possible to add static routes to a PIX and have them work?

Ex. PIX inside IP is 192.168.0.1

VPN concentrator used for remote office VPN's: 192.168.0.2

Remote office connecting via VPN: 192.168.10.0

I want to add a static route on the pix to point to 192.168.0.2 for access to the .10.0 network?

I have set this up as a static route but clients on the .1.0 network cannot route to the .10.0 network without having a local static route setup in the OS.

Thanks,

Jason

mostiguy · ‎02-05-2004

You might be toast. Clients on the .0.x network will need the static route because they cannot send packets to the pix on 0.1, and have the pix send them back out through the concentrator because the pix will not send packets back out the interface they came in on. Adding a static route to the pix thus won't work, except possibly for packets it received on an interface other than the inside one

You could install a router, and segment your network. Having a router (between the client pcs and the pix + vpn box) with a static route to the concentrator for 10.x would alleviate this. Terminating the tunnels on the pix is another option.

tvanginneken · ‎02-05-2004

Hi,

like mostiguy@netnumina.com already said, it is not possible. The only solution is to install an internal router.

PS this 'internal' router can also be an server or workstation with routing configured. By aware of possible performance problems if you don't use a 'real' router.

Kind Regards,

Tom