Cisco Support Community

New Member

PIX-515E routing between inside and outside

I know this should be a very easy solution, but I have yet to solve how to route between the two interfaces. Meaning subnetA currently cannot connect to subnetB. I think that it is just a route issue, but I do not know. Please help.

2 REPLIES
New Member

Re: PIX-515E routing between inside and outside

It probably has to do with the security levels or access-list. Post your config and a small diagram.

New Member

Re: PIX-515E routing between inside and outside

PIX devices technically don't route between interfaces. To move traffic from one interface to another you must have a NAT translation set up between interfaces.

If you don't want to NAT to a different address range, you can NAT to the same addresses (like NATting from 192.168.1.0/24 to 192.168.1.0/24), but it does not act like a router and move traffic from interface to interface based on routing rules.

If you look at PIX config examples, you will see the NAT statements in the examples.

This is in addition to the issue of traffic being automatically permitted from a higher security # interface to a lower interface, but needing ACLs to permit traffic to originate at a lower security value interface to a higher security value interface.
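The two points made in the reply above (a translation between the interfaces, plus an ACL for traffic that starts on the lower-security side), written out as a configuration sketch. This is an added example, not part of the original thread; it assumes PIX 6.x command syntax, and the interface assignments, the 10.1.1.0/24 outside subnet, the host 192.168.1.10, the ACL name `outside_in` and the permitted port are constructed for illustration.

```cisco
: Constructed example; addresses, ACL name and port are assumptions.
: inside = higher security level (100), outside = lower security level (0)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 10.1.1.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

: Identity translation: 192.168.1.0/24 is presented on the outside
: interface under its own addresses (NAT "to the same addresses").
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

: With the translation in place, connections from inside (higher) to
: outside (lower) are permitted by default.
: Connections that originate on outside (lower) toward inside (higher)
: need an ACL. Permit only the hosts and ports that are required.
access-list outside_in permit tcp 10.1.1.0 255.255.255.0 host 192.168.1.10 eq 22
access-group outside_in in interface outside
```

`show xlate` lists the translations that are in place, and `show access-list` shows hit counts per ACL entry, which helps tell a missing translation apart from a denied connection.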
