Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP from e2 subnet works on e1 subnet - bug or feature?

Configuration:

PIX 515E w/6.2.1

Inside: 1.2.3.224/28 (e1 IF = 1.2.3.225)

DMZ: 1.2.3.240/28 (e2 IF = 1.2.3.241)

No translation – all static.

I >accidentally< had a >Windows ME< computer on the Inside IF with the following config:

IP: 1.2.3.250 <<<<< out of range

Mask: 255.255.255.240

Gateway: 1.2.3.225 <<<< or this is out of range

The OS didn’t complain about the ip/gateway not being in the same range, but in any event, the config worked – there was connectivity to the outside. (http://www.whatismyip resulted in 1.2.3.250).

Is this supposed to work? If so, it’s a feature! In the above scenario, I am wasting ips on the dmz that I would like to use on the inside. Why/how is the PIX allowing traffic from an IP on an interface that conflicts with another route/interface?

-Mike Baranowski

1 REPLY
New Member

Re: IP from e2 subnet works on e1 subnet - bug or feature?

No, that shouldn’t work. Check winipcfg and see if the gateway is specified correctly on another interface or something.

87
Views
0
Helpful
1
Replies