routing on pix

Hi, my network has a default gateway, the inside interface of a PIX firewall.

Is there a workaround to permit the PIX to route traffic that comes in on its inside interface to a destination out the same interface?

E.g.:

The packets that come into the inside are routed and sent out the inside:

ip address inside 10.10.10.10 255.255.255.0

route inside 172.16.0.0 255.255.0.0 10.10.10.200

This is denied by default.

Thanks in advance

Graziano

3 REPLIES
New Member

Re: routing on pix

The PIX does not act as a router. You may need to set the users' default gateway to another router on your LAN which can get to all your networks but which will forward external traffic (Internet etc.) via the PIX. Alternatively, you could connect the other network to a different PIX interface. Hope that helps.

New Member

Re: routing on pix

Hi,

thanks,

Graziano

New Member

Re: routing on pix

The reason this doesn't work is because the PIX will not send out ICMP redirects. In your example you want your default gateway (10.10.10.10) to redirect the clients to 10.10.10.200 if they are destined for 172.16.0.0. Routers don't actually "route" these packets in and back out the same interface; they send an ICMP redirect to the client and the client adds this route to its internal routing table. From that point on the client talks directly to the 10.10.10.200 router. The PIX will not do ICMP redirects on any port, therefore it cannot be the default gateway on a subnet with multiple routers. Just in case you wanted to know why.
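The redirect behaviour described in the reply above, modelled as an added example that is not part of the original thread or any Cisco code. The addresses 10.10.10.10, 10.10.10.200 and 172.16.0.0/16 come from the posts; the client 10.10.10.50, the destination 172.16.5.9 and all function and class names are constructed for illustration.

```python
import ipaddress

# Constructed model of the thread's topology (addresses taken from the posts).
LAN = ipaddress.ip_network("10.10.10.0/24")
GATEWAY = ipaddress.ip_address("10.10.10.10")  # PIX inside interface / default gateway
INTERNAL_ROUTER = ipaddress.ip_address("10.10.10.200")
GATEWAY_ROUTES = {ipaddress.ip_network("172.16.0.0/16"): INTERNAL_ROUTER}


def gateway_decision(src, dst, sends_redirects):
    """Return what the default gateway does with a packet arriving on the LAN side."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, next_hop in GATEWAY_ROUTES.items():
        # Redirect condition: the next hop sits on the same subnet as the sender,
        # so the packet would leave through the interface it arrived on.
        if dst in net and src in LAN and next_hop in LAN:
            if sends_redirects:
                return ("redirect", next_hop)
            return ("drop", None)  # the PIX case described in the thread
    return ("forward", None)  # other destinations leave via another interface


class Client:
    """Hypothetical LAN host that keeps routes learned from ICMP redirects."""

    def __init__(self, addr):
        self.addr = addr
        self.learned = {}  # destination address -> next hop learned via redirect

    def send(self, dst, sends_redirects):
        """Send one packet; return (first hop used, outcome)."""
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in self.learned:
            return (self.learned[dst_ip], "direct")
        action, next_hop = gateway_decision(self.addr, dst, sends_redirects)
        if action == "redirect":
            self.learned[dst_ip] = next_hop
        return (GATEWAY, action)


def trace(sends_redirects, packets=3):
    """Outcomes for repeated packets from 10.10.10.50 to 172.16.5.9 (constructed hosts)."""
    client = Client("10.10.10.50")
    return [client.send("172.16.5.9", sends_redirects) for _ in range(packets)]


if __name__ == "__main__":
    print("redirecting router:", trace(True))
    print("PIX as gateway:    ", trace(False))
```

With a redirecting gateway only the first packet touches 10.10.10.10; with the PIX as gateway every packet for 172.16.0.0/16 is dropped, because the client never learns about 10.10.10.200.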
