Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
2
Replies

Using PIX as default gateway for routing to internal networks

jsluzewski
Level 1
Level 1

‎04-18-2003 08:31 AM - edited ‎02-20-2020 10:42 PM

Can PIX be used as a default router for hosts that need to reach other internal networks? Access to these networks is through a router connected to the inside subnet.

Does PIX support ICMP redirects?

Jarek

0 Helpful
2 Replies 2

yizhar
Level 1
Level 1

‎04-18-2003 02:33 PM

HI.

> Does PIX support ICMP redirects?

No.

That's one feature that should be added.

I had the same problem myself with several similar scenarios.

The 2 solutions that I know of are:

* Deploy static routers to servers (and workstations if needed).

This can be done using login script for workstations (only if they need access to the other network), and permanent static routes on servers.

For W2K servers use:

route -p add .....

For Windows workstations, use:

route add ...

* Use a router as default gateway. This could be the existing router used for the internal connection, or an additional router purchased for that task (or a L3 switch).

* There is also the option to use RIP, but this will not help the workstations so for small networks it won't help much.

Both solutions aren't perfect and each has its disadvantages.

I normally preffer the first solution for small networks, because the other solution (DG to the router) - adds an additional point of failure: If the internal router fails, the Internet connection fails also with no need.

If only few servers and administrator workstation needs connectivity to remote hosts, you can apply the static routes only to them.

Yizhar

0 Helpful

przyboro
Level 1
Level 1
In response to yizhar

‎05-02-2003 11:08 AM

Is this the case for ICMP redirects or all redirects?

I seem to be in a similar situation where I have a router on my inside network which routes to a subnet. I have added a route to the PIX as such:

route 1

The PIX itself can now ping the subnet on the other side of the router. However, no hosts on the inside network can ping the subnet.

The PIX returns this error in its log:

110001: No route to from

So why is it that the PIX can ping the subnet but not any other host.

Rodney

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card