Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
625
Views
0
Helpful
7
Replies

PIX + routing

jdlafferty
Level 1
Level 1

‎11-02-2006 12:08 PM - edited ‎02-21-2020 01:17 AM

I have a pix 515 that has a router for its GW on the inside and outside interfaces, however it connects through a 6509 doing L3 routing. My problem is recently we have had the need to introduce eigrp into the network and whenever I start it up on our routers certain applications that traverse the firewall dont connect properly. There is L3 / ping connectivity, but the app doesnt run. As soon as I remove routing from the routers it works fine. Is there a command on the PIX that I can use to listen to dynamic route traffic, or am I missing something here.

Thanks

0 Helpful
7 Replies 7

Fernando_Meza
Level 7
Level 7

‎11-02-2006 06:00 PM

Hi .. indeed the PIX only supports RIP and OSPF. You might need to configure OSPF between your routers, Switch and your PIX or configure static routes on your PIX

I hope it helps .. please rate if it does

0 Helpful

jaffer_sathik2010
Level 1
Level 1

‎11-03-2006 01:57 AM

Hi,

In a webpage I got a message that PIX 515E only supports OSPF and not any other routing protocol even RIP .

http://www.dealtime.com/xPF-Cisco_PIX_Firewall_515E_Unrestricted_Bundle_PIX_515E_UR_BUN~r-1~CLT-INTR~RFR-www.google.co.in

I have not worked on 515E but have experienced with PIX 501. 501 also only supports OSPF and not any other routing protocols.

Thanks,

--Jaffer

0 Helpful

a.kiprawih
Level 7
Level 7
In response to jaffer_sathik2010

‎11-03-2006 08:40 PM

There might be other option like redistributing static over eigrp.

But in order to qualify this, how's the network connectivity looks like, i.e firewal connection to inside and outside network? Where do the Cat6509 and router sits?

HTH

AK

0 Helpful

jdlafferty
Level 1
Level 1
In response to a.kiprawih

‎11-06-2006 08:25 AM

our network has an edge internet router going directly into the FW. The FW then has 3 interfaces going into vlans on the 6509 (dmz's) and 1 interface going into a hub router for other branches P2P T1's. I think mthe problem lies somewhere betweeb the 6509 and Hub router.

0 Helpful

jdlafferty
Level 1
Level 1
In response to jdlafferty

‎11-06-2006 09:35 AM

I should also say that the PIX has a route for "inside" traffic to go to the hub router not the 6509. Maybe that is my problem.

0 Helpful

bgandhi
Level 1
Level 1

‎11-09-2006 09:38 PM

Hi,

I feel,If your traffic works fine when routing protocol is not there, means the PIX is doing its job properly. When you enable routing protocol then the traffic must be following different paths. e.g different path for incoming and outgoing directions. Please check for asymetric routing.

Regards,

Bhavesh

0 Helpful

colin
Level 1
Level 1
In response to bgandhi

‎11-10-2006 01:36 AM

Yep - if IP connectivity is good end-to-end (since ping works ok), then it does appear to be asymmetric routing.

The PIX may be missing parts of the application conversation because (for example), the initial TCP SYN from the client passes through the PIX, the SYN ACK from the server travels a different path back to the client ie. not via the PIX, so the firewall can't update the state of the TCP session, and thus, the final ACK in the TCP setup from the client to the server, passing along the path to the firewall, is discarded because the PIX sees it as an out-of-state packet.

The process may repeat until the application gives up.

I've seen this situation many times.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card