Cisco Support Community
Community Member

Using PIX as default gateway for routing to internal networks

Can PIX be used as a default router for hosts that need to reach other internal networks? Access to these networks is through a router connected to the inside subnet.

Does PIX support ICMP redirects?


Community Member

Re: Using PIX as default gateway for routing to internal network


> Does PIX support ICMP redirects?


That's one feature that should be added.

I had the same problem myself with several similar scenarios.

The 2 solutions that I know of are:

* Deploy static routes to servers (and workstations if needed).

This can be done using a login script for workstations (only if they need access to the other network), and permanent static routes on servers.

For W2K servers use:

route -p add .....

For Windows workstations, use:

route add ...

* Use a router as default gateway. This could be the existing router used for the internal connection, or an additional router purchased for that task (or an L3 switch).

* There is also the option to use RIP, but this will not help the workstations so for small networks it won't help much.

Both solutions aren't perfect and each has its disadvantages.

I normally prefer the first solution for small networks, because the other solution (DG to the router) adds an additional point of failure: if the internal router fails, the Internet connection also fails with no need.

If only a few servers and administrator workstations need connectivity to remote hosts, you can apply the static routes only to them.


Community Member

Re: Using PIX as default gateway for routing to internal network

Is this the case for ICMP redirects or all redirects?

I seem to be in a similar situation where I have a router on my inside network which routes to a subnet. I have added a route to the PIX as such:

route 1

The PIX itself can now ping the subnet on the other side of the router. However, no hosts on the inside network can ping the subnet.

The PIX returns this error in its log:

110001: No route to from

So why is it that the PIX can ping the subnet but not any other host?

