Community Member

PIX 501 with Outside IP different from Gateway

I have an interesting PIX issue. A client is trying to route outside traffic to a gateway in a different subnet. I have never seen this configuration before. According to the ISP, I need to run the following config:

ip address outside 206.138.x.x 255.255.255.0

route outside 0 0 10.1.7.1

route outside 10.1.7.0 255.255.255.0 <outside IP>

I'm pretty sure this will not work, but I'm curious if anyone has ever done this?

6 REPLIES

Re: PIX 501 with Outside IP different from Gateway

I know a router can do this. The router does this by doing a recursive route lookup and gets the next hop (gateway) info.

But I wasn't sure about it on a PIX. I went ahead and configured my lab PIX to test, and it sure does work the same way.

Though it works, it has some downsides you may want to be aware of. Recursive route lookup would put an additional burden on the PIX CPU. If possible, you should avoid this type of configuration.

HTH

Sundar

Community Member

Re: PIX 501 with Outside IP different from Gateway

Sundar,

What were the recursive route lookup commands?

Re: PIX 501 with Outside IP different from Gateway

John,

It's not a command but a process that the router uses.

I shall try to explain this with an example.

Eg.

int e0

ip add 192.168.1.1 255.255.255.0

int e1

ip add 5.5.5.5 255.255.255.0

ip route 10.1.1.0 255.255.255.0 172.16.1.1

ip route 172.16.1.1 255.255.255.255 192.168.1.2

When a packet arrives on e1 destined to 10.1.1.1, the router would do a route lookup and determine the next hop is 172.16.1.1, which isn't one of the connected networks. This is when it would do a recursive route lookup to see if it has a route to 172.16.1.1, and since it does via 192.168.1.2, which is directly connected, it would send the packet over to 192.168.1.2.

Can I ask why you would want a route to point to a next hop address that's not directly connected?

HTH

Sundar
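The recursive lookup described in the reply above, as an added example that is not part of the original post or any Cisco code: it resolves a destination through the post's two static routes until it reaches a directly connected next hop, and stops with an error on a missing route or a routing loop. The function name `resolve`, the `max_depth` limit and the /24 mask on e1 are assumptions made for the illustration.

```python
import ipaddress

# Interfaces and static routes from the router example in the post.
# Assumption: e1's mask is taken as 255.255.255.0.
CONNECTED = {
    "e0": ipaddress.ip_interface("192.168.1.1/24"),
    "e1": ipaddress.ip_interface("5.5.5.5/24"),
}
STATIC = [
    (ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_address("172.16.1.1")),
    (ipaddress.ip_network("172.16.1.1/32"), ipaddress.ip_address("192.168.1.2")),
]


def resolve(dst, connected=CONNECTED, static=STATIC, max_depth=8):
    """Return (egress interface, on-link next hop, static routes followed).

    Raises LookupError when no route matches or when the chain of next
    hops never reaches a connected network (for example a routing loop).
    """
    target = hop = ipaddress.ip_address(dst)
    for static_hops in range(max_depth):
        # Candidates are (prefix length, is_connected, interface or next hop).
        cands = [(i.network.prefixlen, 1, name)
                 for name, i in connected.items() if hop in i.network]
        cands += [(net.prefixlen, 0, nh) for net, nh in static if hop in net]
        if not cands:
            raise LookupError(f"no route to {hop} while resolving {target}")
        # Longest prefix wins; on a tie the connected route is preferred.
        _, is_connected, via = max(cands, key=lambda c: c[:2])
        if is_connected:
            return via, hop, static_hops
        hop = via  # next hop is not on-link: look it up again (recursion)
    raise LookupError(f"gave up after {max_depth} lookups for {target}: loop?")


if __name__ == "__main__":
    iface, next_hop, hops = resolve("10.1.1.1")
    print(f"10.1.1.1 -> out {iface} via {next_hop} ({hops} static routes followed)")
```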

Community Member

Re: PIX 501 with Outside IP different from Gateway

The issue seems to extend around a client's home office setup. Apparently, there is an ISP whose directly connected router is in one subnet (private addressing) and the issued client subnet is a public address. So in this instance the PIX is statically assigned a public IP, but has a private IP as the gateway.

Re: PIX 501 with Outside IP different from Gateway

Can you post a sanitized copy of the PIX configuration and the ISP router addresses?

Community Member

Re: PIX 501 with Outside IP different from Gateway

Sundar,

What were the recursive route lookup commands?
