Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
0
Helpful
3
Replies

PIX: Same network via different interfaces

lxcollin1
Level 1
Level 1

‎01-01-2006 10:23 AM - edited ‎02-21-2020 12:37 AM

Hello,

I have a pix that has a route to a network on my inside interface, but there is one host within that network range that is on an outside interface. How can I have a route to a network on my inside interface and still be able to connect to the host on my outside interface? Host routes are not an option becuase the host address lives on both sides. Both sides need to communicate with each other.

Any ideas???

Thanks!!

Lee

0 Helpful
3 Replies 3

mheusinger
Level 10
Level 10

‎01-01-2006 11:51 AM

Hi,

the easiest option would be changing the outside hosts IP address.

In case this is not an option you need to configure NAT with a NAT IP assigned inside for the outside host and an outside IP for the inside host(s).

Host inside and outside to communicate: 10.1.1.1

ip nat inside source static 10.1.1.1 192.168.1.1

ip nat outside source static 10.1.1.1 192.168.2.1

Host inside should ping 192.168.2.1 and connect to Host outside, who will respond to 192.168.1.1.

IP routing needs to be setup for 192.168.1.1 und 192.168.2.1 respectively.

Hope this helps

Martin

0 Helpful

arunsing
Level 1
Level 1

‎01-01-2006 08:25 PM

Hi Lee,

There should not be much an issue as pix will take more specific route. But you should take care that there is not static statement for the entire subnet pointing to inside. if there is one you need to remove that and use nat will access-list instead and eliminating that IP address.

Thanks

Arun

0 Helpful

jackko
Level 7
Level 7
In response to arunsing

‎01-02-2006 02:44 PM

totally agree with arun.

e.g.

pix# sh route

outside 192.168.2.154 255.255.255.255 192.168.1.1 1 OTHER static

outside 192.168.2.157 255.255.255.255 192.168.1.1 1 OTHER static

pix# sh ip

System IP Addresses:

ip address dmz1 192.168.2.155 255.255.255.0

the pix has 192.168.2.x subnet directly connected with interface dmz1, however, the static routes are still effective. in fact, this sample is being cut/paste from a production box.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card