Cisco Support Community
New Member

PIX, as a router on a stick, inside int redirect ??

Not sure why the customer wants this but they want to use the inside int of a PIX as a default gateway for users on one inside network, 192.168.x.x, to redirect to another inside network, 10.x.x.x, i.e. a router-on-a-stick kind of deal.

I don't think the PIX can do this.

However, it does take a static route:

inside 192.16.20.0 255.255.255.0 10.4.2.31 1 OTHER static

...again both networks are on the inside.

Is this even possible?

m.

8 REPLIES
Gold

Re: PIX, as a router on a stick, inside int redirect ??

You probably need to use hairpinning for this... available in 7.x PIX OS

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml#ra-sol-2

If you have a spare interface, maybe you could just use that, and route traffic between these networks through the PIX.

New Member

Re: PIX, as a router on a stick, inside int redirect ??

I guess I could pick apart this VPN hairpinning technique, but this case would not involve VPNs, address pools or other VPN-related constructs. After further experimentation, the inside interface route back to the inside second network seems to work, though I get the 802.1q suggestion as a possible alternative solution.

Green

Re: PIX, as a router on a stick, inside int redirect ??

Yes it is possible only with version 7.

Hall of Fame Super Blue

Re: PIX, as a router on a stick, inside int redirect ??

Hi

In addition to what's been suggested, depending on the topology of the inside networks and the model of your PIX, you can use 802.1q trunking on the PIX inside interface and create logical interfaces, so you can assign one to the 192.168.x.x network and one to the 10.x.x.x network.

Jon

Gold

Re: PIX, as a router on a stick, inside int redirect ??

Jon,

I thought of that also. Do you know if hairpinning needs to be enabled in that situation?

Hall of Fame Super Blue

Re: PIX, as a router on a stick, inside int redirect ??

Hi Steven

Interesting question. As far as I know, the PIX treats each logical interface as a separate interface to which you can apply access-lists etc., so I'm pretty sure you would not need hairpinning in this case.

Course, I'm going to have to test it sometime now that you've brought it up :-)

Jon

New Member

Re: PIX, as a router on a stick, inside int redirect ??

Using 802.1q trunking you would not need hairpinning. The PIX would treat each VLAN as a sep interface.
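
The two approaches discussed in this thread, sketched as PIX 7.x configuration. This is an added example, not configuration posted by any participant; the interface numbers, VLAN IDs, nameif names, ACL name, the PIX address 10.4.2.1 and the 192.168.20.0/24 subnet are constructed, and only the static route is taken from the original question.

```cisco
! ---- Option A: hairpin on the single inside interface ----
! Assumes nat-control is disabled (the 7.x default), so no NAT rules
! are needed between the two inside networks.
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.4.2.1 255.255.255.0
!
! Allow traffic to enter and leave the same interface. Cisco's
! intra-interface configuration example is written for 7.2(1) and later.
same-security-traffic permit intra-interface
!
! Static route from the original post: second network via an inside router
route inside 192.16.20.0 255.255.255.0 10.4.2.31 1

! ---- Option B: 802.1q subinterfaces, one per inside network ----
! The physical interface carries the trunk and has no name or address.
interface Ethernet1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet1.10
 vlan 10
 nameif inside192
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet1.20
 vlan 20
 nameif inside10
 security-level 90
 ip address 10.4.2.1 255.255.255.0
!
! Each VLAN is a separate interface, so no hairpinning is required and
! traffic between the networks is filtered like any other interface pair.
! Higher-to-lower (inside192 -> inside10) is allowed by default;
! lower-to-higher needs an explicit ACL entry.
access-list inside10_in extended permit ip 10.4.2.0 255.255.255.0 192.168.20.0 255.255.255.0
access-group inside10_in in interface inside10
```

Option B requires the switch port facing the PIX to be an 802.1q trunk carrying both VLANs.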
