Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515E supports basic static routing?

Just want to make sure before telling a customer to purchase this firewall. Basically this customer uses about 15 subnets (over the course of a couple years has gradually grown needing more and more IPs). But some of his servers, for various reasons, aren't on the same subnet as another server and so when transferring traffic it goes through to my router. My router contains it all in their vlan, but appears to still count it as traffic for them. It's not so simple as it seems for them to change their servers' IPs, so they want to put a firewall in between their switch and my router that does basic static routing. That way the inter-subnet routing is handled by their firewall and my router only gets traffic destined for other networks. They are assured I'm not counting more traffic than they're really using and they get firewall protection.

So I would just assign the PIX a /30 like I would any customer's router and route their subnets to it. Nothing would change on the servers (a critical requirement). They would have the same public IPs and the same gateway. Although they might need to clear their arp caches on their servers as the gateway is now their firewall instead of my router.

Even better would be if the PIX 515E supported ospf in this manner.


Re: PIX 515E supports basic static routing?


You are in luck..the PIX supports both static routing and OSPF.

Here's an example of how to add static routes:

route inside 1

Here's a link on how to configure OSPF on the PIX:

Hope that helps - pls rate the post if it does.


New Member

Re: PIX 515E supports basic static routing?

This will help You

As pix 515 supports both OSPF and Static routing


New Member

Re: PIX 515E supports basic static routing?

Thanks for your responses paresh and CK. Looks great, but I just want to be very clear so I don't steer my customer in the wrong direction. I don't need routing on the inside interface. The servers behind the firewall will have publicly accessible IP addresses. No NAT/PAT involved whatsoever. The firewall will be the gateway (also a publicly accessible IP as the last usable IP in the same subnet of each server's main IP). The firewall will then act as a router and simply route all packets to my router.

So in essence, the firewall will at least provide the exact same functionality as a very simple router.

CreatePlease login to create content