
New Member

PIX 525 handles specific routes

Hi all,

Can anyone advise on whether the PIX 525 is able to handle specific routes in its routing table?

This is because I have configured two static routes on the PIX:

route inside 10.0.0.0 255.0.0.0 192.168.1.2 1

route private 10.1.1.0 255.255.255.0 172.16.1.2 1

I have carried out a capture command on the two interfaces and below is the result:

pix# sh capture private

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

pix# sh capture dmz

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.100.90.51 > 10.1.1.113: icmp echo reply (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.100.90.51 > 10.1.1.113: icmp echo reply (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.100.90.51 > 10.1.1.113: icmp echo reply (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

Also, I have checked my syslog and all that is shown is the below error:

%PIX-6-110001: No route to 10.1.1.113 from 10.100.90.51

TIA!

3 REPLIES
New Member

Re: PIX 525 handles specific routes

Hi all,

Sorry, the second capture should be:

pix# sh capture inside

Sorry for the typo error.

Re: PIX 525 handles specific routes

Hi,

Can you share the config, specifically from the "static (x,y) y,x" command to the route statement? You may hide the public IP for confidentiality.

As for the routing, it is recommended to put the specific route (longest match) first before putting the general route.

In your route statement, the route to 10.1.1.0 was 'eaten' by the "route inside 10.0.0.0 ..." statement. But this could be influenced by the "static (x,y)" command as well, if any.

Hope this helps. Pls rate all useful post(s).

Cheers!

AK

New Member

Re: PIX 525 handles specific routes

Hi AK,

Below is some configuration on the PIX 525 which will be useful:

nameif ethernet1 inside security100

nameif ethernet2 private security20

I am pinging from the private interface to the inside interface:

from 10.1.1.113 to 10.100.90.51

For access from a lower security interface to a higher security interface, a static NAT and ACL are configured:

static (inside,private) 10.100.90.0 10.100.90.0 netmask 255.255.255.0 0 0

access-list private_access_in permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.0.0.0

Let me know if there's any other information which you require. I am wondering whether the PIX is able to understand specific routes like a router. Thanks!

Regards,

Jon
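
Added example (not part of any post in this thread, and not Cisco code): a Python illustration of a standard longest-prefix-match lookup over the two route statements from the original post, applied to the two addresses in the 110001 syslog message. It shows how a router-style lookup resolves them independent of entry order; it does not model the PIX's static/NAT processing, and the function names are hypothetical.

```python
import ipaddress
import re

# The two route statements from the original post (PIX syntax:
# route <interface> <network> <mask> <gateway> <metric>).
CONFIG = """\
route inside 10.0.0.0 255.0.0.0 192.168.1.2 1
route private 10.1.1.0 255.255.255.0 172.16.1.2 1
"""
# The syslog line from the original post.
SYSLOG = "%PIX-6-110001: No route to 10.1.1.113 from 10.100.90.51"

ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?\s*$")
NOROUTE_RE = re.compile(r"%PIX-6-110001: No route to (\S+) from (\S+)")

def parse_routes(text):
    """Return a list of (network, interface, gateway) from 'route' lines."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            ifc, net, mask, gw, _metric = m.groups()
            routes.append((ipaddress.ip_network(f"{net}/{mask}"), ifc, gw))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the covering route with the longest mask wins,
    regardless of the order the routes were entered in."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def explain_no_route(routes, line):
    """For a 110001 message, resolve both addresses with a longest-match lookup."""
    m = NOROUTE_RE.search(line)
    if not m:
        return None
    dst, src = m.groups()
    return {"to": (dst, lookup(routes, dst)), "from": (src, lookup(routes, src))}

if __name__ == "__main__":
    routes = parse_routes(CONFIG)
    for role, (addr, r) in explain_no_route(routes, SYSLOG).items():
        desc = f"{r[0]} via {r[2]} on {r[1]}" if r else "no covering route"
        print(f"{role:4} {addr:14} -> {desc}")
```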
