Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
0
Helpful
6
Replies

2-Tier PIX Firewalling issue

zeremy
Level 1
Level 1

‎01-30-2002 05:46 PM - edited ‎02-20-2020 09:58 PM

Quick questions,

2 PIX, each having multiple interfaces/networks.

Can 2 PIX connected directly to each other on one interface or a router is needed between the 2 PIX in order to route traffic between the networks?

What's the main difference of the routing functionality between a Cisco Router and a PIX?

I'm having a nightmare and time is running out.

Appreciate any help, thanks.

Regards,

Zeremy

0 Helpful
6 Replies 6

bdube
Level 2
Level 2

‎01-30-2002 06:07 PM

Zeremy,

First, you don't need a router between your 2 PIX, execpt if you need some routing features or functionality.

PIX isn't a router, they passed trafic from one interface to an another based on some specified rules.

But, my comments is based on what you tell us. Because, you don't explain your needs instead, you exposed a solution (router between PIXes). We don't really know your needs or problems you try to resolve.

Ben

0 Helpful

zeremy
Level 1
Level 1
In response to bdube

‎01-30-2002 06:46 PM

Thanks for the quick reply ben,

I think I'm having a routing problem but I'm not too sure.

Traffic from 1 Network on the inside interface of pix1 seems unable to reach another network which resides on another interface on pix2.

Both pix comes with 6 interfaces/different networks.

Any other information required in order to solve it, let me know, thanks for the generous help.

Regards,

Zeremy

0 Helpful

daipayan_b
Level 1
Level 1
In response to zeremy

‎01-30-2002 10:25 PM

Hi Zeremy,

You have to add static route statements in the PIX's for each subnet .

i.e. In PIX1 add static route for each subnet (or supernet) in PIX2 to exit from the outside interface of pix1(i assume outside of pix1 is connected to pix2) and similarly in pix2 add static route for all the subnets in pix1 to exit from outside of pix2.

Hope that helps.

Daipayan

0 Helpful

zeremy
Level 1
Level 1
In response to daipayan_b

‎01-30-2002 11:31 PM

Thanks,

I'll try it out.

I heard that PIX is not a layer 3 router, and it can't route traffic in and out from the same interface,

Do you think that applies here?

Just a thought.

Zeremy

0 Helpful

jwitherell
Level 1
Level 1
In response to zeremy

‎01-31-2002 06:17 AM

From what I see, you need to tell the PIX which IP addresses/ranges to send to the other PIX. You need to tell it discretely what to send to the other PIX.

The PIX is not a Layer 3 or routing device at all. If you've ever worked with any midrange or mainframe systems, you might be aware that they can be set to direct outbound traffic to specific gateways. Many of the newer systems can even listen to routing protocols to learn which gateways to use to reach subnets more efficiently. You wouldn't call that routing, as it is just a more intelligent gateway selection.

Look at the PIX as having that same capability of those systems. It's able to choose different gateways for different destinations. That's not routing at all.

0 Helpful

bdube
Level 2
Level 2

‎01-31-2002 06:33 AM

Zeremy,

Send me your email address at benoit.dube@cgi.ca. Write your address in core of the message, because i'm forward emails to my customer's mailbox and the forwarding appl (Outlook Expresss) doesn't transpose the sender address when forwarding. Then, i don't have your email address at my customer site right now, only at home.

Thanks

Benoit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card