say if it's between dmz to inside...then...

For DMZ to inside (or vice-versa), PIX will create the route automatically. Make sure interfaces are up. This happened without having to have address translation between the segment (but translation or no NAT is required later in order to allow hosts in both segments to talk to each other).

But this is for directly connected interface only, not including segment behind L3 device in DMZ or inside segment.

HTH

AK

ok but why do we configure route for all inside hosts say like route inside gateway(which is inside int add) is this for communication with a outside world say like l3 devices after the ouside interfaces

We don't need to do that, and not even required. PIX will generate it automatically.

Example, if this is your IP Addresses looks like:

ip address outside 10.1.1.1 255.255.255.0

ip address inside 10.0.0.2 255.255.255.224

ip address DMZ 172.16.5.10 255.255.255.0

route outside 0.0.0.0 0.0.0.0 10.1.1.254 --> * default route to internet router

Then, PIX will create automatic route to its respective interfaces:

pixfirewall(config)# sh route

outside 0.0.0.0 0.0.0.0 10.1.1.254 1 OTHER static ---> tied to the default route (see *)

inside 10.0.0.0 255.255.255.224 10.0.0.2 1 CONNECT static --> auto-generated by PIX

outside 10.1.1.0 255.255.255.0 10.1.1.1 1 CONNECT static --> auto-generated by PIX

DMZ 172.16.5.0 255.255.255.0 172.16.5.10 1 CONNECT static --> auto-generated by PIX

pixfirewall(config)#

Even if you try to add it (except default route to internet router), PIX will reject it (route already exists).

HTH

AK

You only need that if you have another L3 device (switch/router) hosting another segment:

outside, subnet x <--> PIX <--> Inside (ip yy.yy.yy.1/24 <--> FE0/0 (ip yy.yy.yy.2/24) <-->Router <--> FE0/1 (ip zz.zz.zz.1/24)

Then only you need to add the following in your pix:

route inside zz.zz.zz.0 255.255.255.0 yy.yy.yy.2 1