Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX: Same network via different interfaces

Hello,

I have a pix that has a route to a network on my inside interface, but there is one host within that network range that is on an outside interface. How can I have a route to a network on my inside interface and still be able to connect to the host on my outside interface? Host routes are not an option becuase the host address lives on both sides. Both sides need to communicate with each other.

Any ideas???

Thanks!!

Lee

3 REPLIES

Re: PIX: Same network via different interfaces

Hi,

the easiest option would be changing the outside hosts IP address.

In case this is not an option you need to configure NAT with a NAT IP assigned inside for the outside host and an outside IP for the inside host(s).

Host inside and outside to communicate: 10.1.1.1

ip nat inside source static 10.1.1.1 192.168.1.1

ip nat outside source static 10.1.1.1 192.168.2.1

Host inside should ping 192.168.2.1 and connect to Host outside, who will respond to 192.168.1.1.

IP routing needs to be setup for 192.168.1.1 und 192.168.2.1 respectively.

Hope this helps

Martin

Community Member

Re: PIX: Same network via different interfaces

Hi Lee,

There should not be much an issue as pix will take more specific route. But you should take care that there is not static statement for the entire subnet pointing to inside. if there is one you need to remove that and use nat will access-list instead and eliminating that IP address.

Thanks

Arun

Gold

Re: PIX: Same network via different interfaces

totally agree with arun.

e.g.

pix# sh route

outside 192.168.2.154 255.255.255.255 192.168.1.1 1 OTHER static

outside 192.168.2.157 255.255.255.255 192.168.1.1 1 OTHER static

pix# sh ip

System IP Addresses:

ip address dmz1 192.168.2.155 255.255.255.0

the pix has 192.168.2.x subnet directly connected with interface dmz1, however, the static routes are still effective. in fact, this sample is being cut/paste from a production box.

143
Views
0
Helpful
3
Replies
CreatePlease to create content