Re: Pix with static route

e-see · ‎02-02-2004

I have a pix 515, on a flat 192.168.1.x network. The pix inside is 192.168.1.1. I have another router, 192.168.1.2 where I want to send the network 192.168.2.x traffic to. I put a static route:

route 192.168.2.0 255.255.255.0 192.168.1.2 1

It will not work. What am I missing? Should be easy. I can ping the network form the pix, but not from a worstation with a default route of the pix (192.168.1.1). ?

mtrcek · ‎02-03-2004

Do you have nat-global or static translation made on pix for this hosts? ACL which permits echo-reply?

e-see · ‎02-03-2004

Traffic originating form 192.168.1.x goes out the internet okay (there is a nat and global for this network). But I want traffic for 192.168.2.x network (which has no global or nat) sent to the router at 192.168.1.2 0n the same inside network.

cfenegan · ‎02-03-2004

Hello e-see,

Traffic entering an interface on a PIX cannot then leave by the same interface.

Make the router at 192.168.1.2 the default for your internal hosts and give that router a network route to 192.168.2.0, (via whatever interface is connected to that network) and a default route to the PIX.

You can leave the existing route on the PIX so that it can access the .2 network if required.

Hope this helps.

Clive

e-see · ‎02-03-2004

I would like to but that router is mamanged service for my customer from another vendor so I don't want to touch it. I don't understand why a static route on the pix pointing to a router on the same network will not work. Should be simple. Thanks

e-see · ‎02-03-2004

Is the pix nating the traffic it is sending to the router for the 192.168.2.x network? Do I need an access list with a nat 0?