Cisco Support Community
Community Member

ip route

i've got 1 firewall 515e, and one cisco 48 emi switch...

the firewall has 3 interface - inside,outside,dmz

i've connected the inside interface to the ethernet port 1 on the 48 port switch.

this is the mgmt vlan. this vlan allows vlan 2 and 3 (for example) to get through it...these vlans are internal network vlans...

then i've connected the dmz interface of the firewall to ethernet port 45 on the switch...this is dmz mgmt vlan 5...vlan 6 can go through this on ports 46,47 and 48...

basically, i've connected the web server in port 46...

now...the problem:

in the switch setup:

ip route a.b.c.d

where a.b.c.d is the ip address of the inside interface of the firewall...

now, i want the dmz web server traffic to come out through the dmz vlan, and hence, the firewall dmz interface

ip route x.y.z.w

where x.y.z.w is the ip address of the dmz interface of the firewall...

problem is that means that all the vlans will be looking to get out through either of the 2 routes...for instance, i've had the issue that the dmz web server worked, but then the traffic on the inside network stopped (guess it was looking to get out through the dmz vlan and i've specified through trunking that only the dmz vlan is allowed and not vlans 2 and 3)...

how do i deal with this?

can i just type in the network address?

basically ip route x.x.x.x y.y.y.y x.y.w.z

x.x.x.x is this the address of the network on which the web server is on or is this the ip address of the dmz vlan?

if the web server address is (internal) on a subnet

would i type

ip route x.y.z.w (where x.y.w.z is the dmz interface on the firewall)...

where can i get info regarding ip route command with good examples....


Re: ip route

The default route on the PIX should point to the Internet router or your ISP. All other routes should be more specific as described in the following.

Please find a URL about route selection in Cisco devices. It should apply to the PIX as well.



CreatePlease to create content