Re: route

aksher · ‎10-01-2006

does all the int traffic need to be configured to route traffic via respective gateways or directly connected interfaces will assume routes through respective gateways by default?

m.sir · ‎10-01-2006

You need specific route for destination network or deafault route for "unknown" networks - packet is dropped when destination network has no record entry in routing table

M.

a.kiprawih · ‎10-03-2006

Hi,

If the segment is directly connected to the firewall interface (interface uses IP belongs to the same subnet), i.e firewall inside interface connect to switch, and all users also connected to the same switch, the answer is NO. In this case, all clients will point to firewall interface IP as GW.

If the firewall interface is connected to a L3 device (router or L3 switch), and you have another subnet or segment located on the other side of that device's interface, then the answer is YES. In your firewall, you need to specify route to that subnet/segment is via the interface IP of the router or L3 switch facing your firewall interface.

e.g

firewall(inside-IP A) <-> (Fa0/0-IP B) Router/L3 Switch (Fa0/1-IP C) <-> subnet/segment X

firewall route:

route inside IP B

Router/L3 Switch route:

ip route 0.0.0.0 0.0.0.0 IP A

Rgds,

AK

dpopli · ‎10-12-2006

basically you need to setup default route

route outside 0.0.0.0 0.0.0.0 INTERNET

and for inside and outside for other then default routes

route inside 10.1.0.0 255.55.255.0 172.30.17.2

route outside 10.2.0.0 255.255.255.0 203.200.89.76

pls rate if it helps