Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
850
Views
0
Helpful
4
Replies

Can you add a static route for the inside interface of a PIX to point to a router on the same inside network?

admin_2
Level 3
Level 3

‎07-08-2002 09:54 AM - edited ‎02-20-2020 10:09 PM

When I add a static route on a PIX for the inside i/f, to redirect traffic to a router on the inside network, the traffic doesnt route to the router. e.g. a PC has DG=192.168.1.254 which is the inside i/f of the PIX. Its trying to reach 192.168.2.0 network. The PIX has command "route inside 192.168.2.0 255.255.255.0 192.168.1.250" where 250 is the router. If I ping from the host, it doesnt reach the 192.168.2.0 network.

Therefore can the PIX redirect traffic from the same interface to another router??

0 Helpful
4 Replies 4

Not applicable

‎07-08-2002 09:54 AM

This is normal, the pix will not route. If there is a router on the inside of the pix, you need to set the client default g/w to the router and have the router default route point to the pix.

0 Helpful

keithw99
Level 1
Level 1

‎07-26-2002 02:36 AM

I'm currently running a network that I believe is doing exactly what you're asking. The route statement in the PIX looks correct, but one common thing that people forget is to add that inside network between the PIX and router(192.168.1.0) to your PIX configuration. If you are NATing that network, put the appropriate NAT commands. If you are not NATing that network, you need to give it the nat 0 command: nat (inside) 0 192.168.1.0 255.255.255.x. Additionally you may need the static command: static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.x 0 0.

If you have any hosts on the network between the PIX and router (such as an Intrusion Detection System), the default gateway of these hosts needs to be the inside router (192.168.1.250), NOT the PIX. For some reason it doesn't work when pointing those hosts to the PIX. Hope this helps.

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to keithw99

‎07-29-2002 10:41 PM

Just to clarify things here, the PIX will NOT route a packet back out the same interface it came in on. This is due to the intenal hardware architecture of the PIX and can't be changed.

If you have a host on the inside network, you're better off setting it's default gateway to the internal router. It will then be able to connect to the 192.168.2.0 network, and if the default gatewya on the inside router points to the PIX, then the host will be able to get to the Internet because the router will redirect the traffic back out to the PIX.

The PIX will NOT redirect traffic back to the router.

0 Helpful

mmeditz
Level 1
Level 1
In response to gfullage

‎08-10-2002 11:30 PM

The PIX doesn't support ICMP Redirects.

Cisco Routers do.

Mike

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card