Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
5
Helpful
7
Replies

Can I use PIX as default gateway if other routers in inside network?

pavlosd
Level 2
Level 2

‎01-24-2003 10:28 AM - edited ‎02-20-2020 10:31 PM

I have the followinf problem:

- Consider the diagram below

A --(X)--|        C

              |---(X)---(>|)-- Internet

B --(X)--|

where:

(X) = Router

(>|) = PIX Firewall

Can cisco Pix support trafic route/redirect? In the example above suppose the A and B are remote sites.

At location A I have some servers. Now on site C I want me PC's to have a default gateway the PIX firewall. I add an entry

on the PIX for

route outside 0.0.0.0 0.0.0.0 ExtRouterInt 1

rip inside default version 2.

Moreover all traffic is PAT behing PIX external interface. No outside to inside traffic allowed.

From PIX I can ping the Pc's and servers at remote sites since routes are learned through rip. I cannot though ping(even though I enabled icmp) or access (i.e. ftp http telnet) from any PC in LAN A to any other PC to LAN B or C.

Is this normal process? How can I overcome this problem?

Note that I do not wish to use Router on LAN C as default instead since it is not Cisco and I have no access to it's configuration.

Regards.

0 Helpful
7 Replies 7

mike-greene
Level 4
Level 4

‎01-24-2003 11:53 AM

Hi, The PIX is not going to allow a packet to enter an interface (say the inside interface) and then exit that same interface. Your going to have to use one of the routers at site A or B as your default gateway and not the PIX.

Hope that helps...

0 Helpful

pavlosd
Level 2
Level 2
In response to mike-greene

‎01-25-2003 02:23 AM

Is there a way to force pix to allow this traffic? Reason is that there are more complicated issues that do not allow me to use other routers as default gateway.

0 Helpful

tvanginneken
Level 4
Level 4
In response to pavlosd

‎01-25-2003 08:57 AM

Hi,

I am afraid not. The pix was not designed to be a full blown router. Sorry.

Kind Regards,

Tom

0 Helpful

dlabbadia01
Level 1
Level 1
In response to tvanginneken

‎01-25-2003 11:53 AM

oh no,

i'm about to move to MCI datacenter where they give me a direct handoff from their network and I was planning on using my PIX as the acceptor of this handoff. Are you telling me that I can't do this?

packets received on outside interface, outside interface has external ip with default gateway given by MCI.

packets routed to internal interfaces 1 through 5 and then routed back out to the internet via outside interface.

0 Helpful

tvanginneken
Level 4
Level 4
In response to dlabbadia01

‎01-25-2003 04:35 PM

Hi,

the PIX will route all traffic that arrives at one interfaces, and goes out on another (not the same ) interface.

Kind Regards,

Tom

pavlosd
Level 2
Level 2
In response to tvanginneken

‎01-26-2003 01:49 AM

That's a big dissapointment here as well knowing that other firewalls support this.

I am happy that I brought up this issue, I thought at the beginning that I was the only one who could not find a workaround.

Any ideas if this is going to be 'fixed' in future releases?

Thanks a lot for your feedback.

0 Helpful

tvanginneken
Level 4
Level 4
In response to pavlosd

‎01-27-2003 01:02 PM

Hi,

I'm not sure it wil be 'fixed' in the next version of the PIX OS.

For the moment, you will have to configure an other router to make it work, sorry.

Kind Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card