I was wondering whether it's possible to define the same subnet so that it exists on both the inside and outside interfaces on a PIX 515 running ver 6.3(4), for instance a subnet of 10.10.1.0/24. I'm setting up the PIX to receive RIP routing updates from the inside router for 10.10.1.0/24 routes. Also set up on the PIX is a site-site VPN for the 10.10.1.0/24 subnet. Under normal circumstances, the PIX will route traffic for 10.10.1.0/24 towards the inside router, and should the WAN link to 10.10.1.0/24 fail, the router stops advertising 10.10.1.0/24 to the PIX. The PIX will then use a floating static route for 10.10.1.0/24 (with AD=5) to route traffic towards the site-site VPN.
So far I've been able to define floating static routes and configure passive RIP on the PIX. Then I realised that I have to define the same subnet 10.10.1.0/24 on two different interfaces, and I don't think the PIX will like this.
I think you should not configure the PIX inside and outside interfaces with the same subnet. The device will give some error. In this case the PIX behaves like a router, so all of its interfaces should be in different networks. If the user wants to inspect the traffic in the same network, then you can configure the PIX in transparent mode. Now the PIX acts like a switch.
I've received an answer from a PIX/ASA engineer working at a large telecommunication organisation stating that it's quite alright to configure passive RIP on the inside interface and a floating static route for the same subnet/s on the outside interface. I'm going to set up a test network and see if this is possible or not. What I know now is that I've been able to configure passive RIP and floating static route on the PIX firewall. Check out the output on my firewall below:
Firewall# sho route | inc 10.1
inside 10.1.0.0 255.255.0.0 10.10.3.11 3 OTHER static
inside 10.1.3.0 255.255.255.0 10.10.3.21 2 RIP
outside 10.1.3.0 255.255.255.0 203.xxx.xxx.97 4 OTHER static
inside 10.1.100.0 255.255.255.0 10.10.3.21 2 RIP
outside 10.1.100.0 255.255.255.0 203.xxx.xxx.97 4 OTHER static
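Added example, not part of any post in this thread: a Python sketch that parses the route lines from the output above and models the failover described in the question. It assumes the fifth column is the route metric and that, for the same network and mask, the lowest metric is the route in use; the function names are hypothetical.

```python
from collections import defaultdict

# Route lines copied from the "sho route | inc 10.1" output in the post above.
SHOW_ROUTE = """\
inside 10.1.0.0 255.255.0.0 10.10.3.11 3 OTHER static
inside 10.1.3.0 255.255.255.0 10.10.3.21 2 RIP
outside 10.1.3.0 255.255.255.0 203.xxx.xxx.97 4 OTHER static
inside 10.1.100.0 255.255.255.0 10.10.3.21 2 RIP
outside 10.1.100.0 255.255.255.0 203.xxx.xxx.97 4 OTHER static
"""

def parse_routes(text):
    """Return one dict per route line: iface, prefix, gateway, metric, source."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[4].isdigit():
            continue  # skip prompts, blank lines and anything that is not a route
        iface, net, mask, gw, metric = fields[:5]
        routes.append({"iface": iface, "prefix": (net, mask), "gateway": gw,
                       "metric": int(metric), "source": " ".join(fields[5:])})
    return routes

def active_routes(routes):
    """Assumption: for the same network and mask, the lowest metric is used."""
    by_prefix = defaultdict(list)
    for r in routes:
        by_prefix[r["prefix"]].append(r)
    return {p: min(c, key=lambda r: r["metric"]) for p, c in by_prefix.items()}

def withdraw(routes, source):
    """Model the inside router no longer advertising: drop routes from `source`."""
    return [r for r in routes if r["source"] != source]

def egress_changes(before, after):
    """Prefixes whose egress interface differs between two active-route tables."""
    return {p: (before[p]["iface"], after[p]["iface"])
            for p in before if p in after and before[p]["iface"] != after[p]["iface"]}

if __name__ == "__main__":
    routes = parse_routes(SHOW_ROUTE)
    normal = active_routes(routes)
    failed = active_routes(withdraw(routes, "RIP"))
    for prefix, (old, new) in egress_changes(normal, failed).items():
        print("/".join(prefix), old, "->", new)
```

The prefixes it reports as moving from inside to outside are the ones to confirm are covered by the site-site VPN before relying on the fallback route.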