New Member

Can I use PIX as default gateway if other routers in inside network?

I have the following problem:

- Consider the diagram below

A --(X)--|        C

              |---(X)---(>|)-- Internet

B --(X)--|

where:

(X) = Router

(>|) = PIX Firewall

Can Cisco PIX support traffic route/redirect? In the example above, suppose that A and B are remote sites.

At location A I have some servers. Now on site C I want my PCs to have the PIX firewall as their default gateway. I add an entry on the PIX for

route outside 0.0.0.0 0.0.0.0 ExtRouterInt 1

rip inside default version 2.

Moreover, all traffic is PAT behind the PIX external interface. No outside-to-inside traffic is allowed.

From the PIX I can ping the PCs and servers at the remote sites, since routes are learned through RIP. However, I cannot ping (even though I enabled ICMP) or access (i.e. FTP, HTTP, Telnet) from any PC in LAN A to any other PC in LAN B or C.

Is this normal process? How can I overcome this problem?

Note that I do not wish to use the router on LAN C as default instead, since it is not Cisco and I have no access to its configuration.

Regards.

7 REPLIES
Bronze

Re: Can I use PIX as default gateway if other routers in inside

Hi, the PIX is not going to allow a packet to enter an interface (say the inside interface) and then exit that same interface. You're going to have to use one of the routers at site A or B as your default gateway and not the PIX.

Hope that helps...
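
An added illustration, not part of the reply above and not Cisco code: a small Python model of the behaviour discussed in this thread, where a packet whose route lookup points back out of the interface it arrived on is not forwarded. The addresses, the routing table and all function names are constructed assumptions for the A/B/C topology in the question.

```python
import ipaddress

# Constructed routing table for the PIX at site C (addresses are assumptions).
# Each entry: (destination prefix, egress interface).
ROUTES = [
    ("10.1.0.0/16", "inside"),   # LAN A, learned via RIP on the inside interface
    ("10.2.0.0/16", "inside"),   # LAN B, learned via RIP on the inside interface
    ("10.3.0.0/16", "inside"),   # LAN C, directly connected
    ("0.0.0.0/0", "outside"),    # static default route toward the external router
]

def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match: interface the firewall would use to reach dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def classify(ingress, dst, routes=ROUTES):
    """Model the rule from the thread: ingress and egress must differ."""
    egress = egress_interface(dst, routes)
    if egress is None:
        return "no-route"
    if egress == ingress:
        return "dropped-same-interface"
    return "forwarded"

def audit(flows, routes=ROUTES):
    """Return (src, dst, verdict) for each (ingress, src, dst) flow."""
    return [(src, dst, classify(ingress, dst, routes)) for ingress, src, dst in flows]

# Constructed sample flows from hosts that use the PIX as default gateway.
SAMPLE_FLOWS = [
    ("inside", "10.3.0.10", "10.1.0.5"),      # PC on LAN C -> server on LAN A
    ("inside", "10.3.0.10", "198.51.100.7"),  # PC on LAN C -> Internet host
    ("inside", "10.1.0.5", "10.2.0.9"),       # LAN A -> LAN B through the PIX
]

if __name__ == "__main__":
    for src, dst, verdict in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {verdict}")
```

Running an audit like this over planned flows before choosing a default gateway shows which inter-site paths need a router on the inside network.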

New Member

Re: Can I use PIX as default gateway if other routers in inside

Is there a way to force the PIX to allow this traffic? The reason is that there are more complicated issues that do not allow me to use other routers as default gateway.

Re: Can I use PIX as default gateway if other routers in inside

Hi,

I am afraid not. The PIX was not designed to be a full-blown router. Sorry.

Kind Regards,

Tom

New Member

Re: Can I use PIX as default gateway if other routers in inside

Oh no,

I'm about to move to an MCI datacenter where they give me a direct handoff from their network, and I was planning on using my PIX as the acceptor of this handoff. Are you telling me that I can't do this?

Packets received on outside interface; outside interface has external IP with default gateway given by MCI.

Packets routed to internal interfaces 1 through 5 and then routed back out to the Internet via outside interface.

Re: Can I use PIX as default gateway if other routers in inside

Hi,

The PIX will route all traffic that arrives at one interface and goes out on another (not the same) interface.

Kind Regards,

Tom

New Member

Re: Can I use PIX as default gateway if other routers in inside

That's a big disappointment here as well, knowing that other firewalls support this.

I am happy that I brought up this issue, I thought at the beginning that I was the only one who could not find a workaround.

Any ideas if this is going to be 'fixed' in future releases?

Thanks a lot for your feedback.

Re: Can I use PIX as default gateway if other routers in inside

Hi,

I'm not sure it will be 'fixed' in the next version of the PIX OS.

For the moment, you will have to configure another router to make it work, sorry.

Kind Regards,

Tom
