PIX515E - different public IP networks on the inside

habakukko · ‎02-04-2008

Hi all,

Can someone clarify me on an issue I'm about to face:

My PIX515E is about to handle multiple different public IP ranges that are routed on a single cable from an ISP router, for example:

ISP router inside IP 192.90.114.1 / 255.255.255.248

PIX outside IP 192.90.114.2 / 255.255.255.248

PIX inside IP 192.90.114.65 / 255.255.255.192

PIX intf2 IP 192.90.114.129 / 255.255.255.192

PIX intf3 IP 192.95.124.1 / 255.255.255.128

The default route would be 192.90.114.1, without network-specific static routes.

The ISP router would be configured to route both 192.90.114.0 /24 and 192.95.124.0 /24 networks using a single cable towards the PIX outside interface. Will this pose any problems when one of the inside interfaces (intf3) belongs to a completely different network than the PIX outside IP?

How about when a host 192.90.114.66 tries try to access 192.95.124.2. Would the traffic be routed to the ISP router (192.90.114.1) which would turn it back towards the PIX or would it be routed directly to the right interface if the access-lists allow it?

Jon Marshall · ‎02-04-2008

Hi

As long as the ISP routes both subnet ranges to the outside interface of your pix then you will be fine.

If the 2 network 192.90.114.64 and 192.95.124.0 are on separate interfaces, which they are the pix will route between the 2 interfaces without going to the ISP router. The default route pointing to the ISP router will only be used when the pix does not have a more specific route and in this case it will as the networks are directly connected.

HTH

Jon