Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
How to configure routing on the PIX Firewall
In many instances, you need to enable routing on the PIX Firewall to connect to devices on networks that are not directly connected. This is accomplished by manually configuring static routes or by using Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) to dynamically learn routes.
To create a static route statement on the PIX Firewall, issue the route command.
For example, this command is issued to create a route for the 192.168.1.0 network:
route inside 192.168.1.0 255.255.255.0 x.x.x.x
Only one default route can be configured on the PIX Firewall, as shown in this example:
route outside 0.0.0.0 0.0.0.0 x.x.x.x
In this example, x.x.x.x. is the IP address of the next hop.
When the PIX Firewall has RIP enabled, it learns where everything is on the network by passively listening for RIP network traffic. When the PIX Firewall interface receives RIP traffic, the PIX updates its routing tables. However, the PIX Firewall can advertise one default route through RIP. To enable RIP, refer to this example:
rip outside passive version 2 rip outside default version 2
OSPF is supported on PIX Firewall version 6.3 and later. It is supported on all 500 series platforms except the PIX 501. The OSPF functionality in PIX Firewall version 6.3 is similar to that provided by Cisco IOS® Software Release 12.2(3a).
When Network Address Translation (NAT) is used and OSPF is operating on public and private areas, run two OSPF processes to prevent the advertising of private networks in public areas. This allows you to use NAT and OSPF without advertising private networks, as shown in this example:
ip address outside 22.214.171.124 255.255.255.0 ip address inside 10.0.0.1 255.0.0.0 router ospf 1 network 126.96.36.199 255.255.255.0 area 0 router ospf 2 redistribute ospf 1 network 10.0.0.0 255.0.0.0 area 10.0.0.0