There is trouble with IPX traffic that passes through the PIX Firewall between internal and external routers

Core issue

A PIX Firewall is installed between two routers, and now the Internetwork Packet Exchange (IPX) traffic cannot pass between networks.

This is the affected topology:

IPX network => RouterA => PIX => RouterB => IPX network


The PIX does not route IPX traffic unless it is encapsulated within an IP protocol, such as Generic Routing Encapsulation (GRE). Refer to GRE Tunneling IPX over ISDN for a demonstration of how to configure a GRE tunnel between two routers. The example shows the routers connected through ISDN, but the GRE configuration is the same regardless of the media, such as Ethernet, serial, and so forth.

If GRE is configured between the routers, then the PIX must be configured with a static translation for the router on the higher security interface, along with an Access Control List (ACL) that permits the GRE protocol to the global IP address configured for this router.

This is an example PIX configuration:

hostname(config)# static (inside,outside) < global_ip > < RouterA_ip > netmask < mask >
hostname(config)# access-list < inbound > permit gre host < RouterB_ip > host < global_ip >
hostname(config)# access-group < inbound > in interface < outside >

Refer to Configuring IPSec/GRE with NAT for more information and a sample configuration.
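
The following worked example is added here and is not part of the original document. It fills in the template above and shows both tunnel endpoints. All addresses, IPX network numbers, interface names and the ACL name are constructed for illustration, and the example assumes RouterA is on the inside (higher security) interface. The `!` lines are annotations.

```cisco
! --- RouterA (inside, real address 10.1.1.2) ---
ipx routing
interface Ethernet0
 ip address 10.1.1.2 255.255.255.0
interface Ethernet1
 ipx network AA
interface Tunnel0
 no ip address
 ipx network 30
 tunnel source Ethernet0
 ! RouterA targets RouterB's real address
 tunnel destination 192.0.2.20

! --- RouterB (outside, address 192.0.2.20) ---
ipx routing
interface Ethernet0
 ip address 192.0.2.20 255.255.255.0
interface Ethernet1
 ipx network BB
interface Tunnel0
 no ip address
 ipx network 30
 tunnel source Ethernet0
 ! RouterB targets RouterA's translated (global) address,
 ! not 10.1.1.2, which is not reachable from the outside
 tunnel destination 192.0.2.10

! --- PIX ---
! One-to-one translation: global 192.0.2.10 <-> RouterA 10.1.1.2
static (inside,outside) 192.0.2.10 10.1.1.2 netmask 255.255.255.255
! Permit GRE only from RouterB to RouterA's global address
access-list inbound permit gre host 192.0.2.20 host 192.0.2.10
access-group inbound in interface outside
```

Keeping the ACL entry scoped to `host` on both sides limits inbound GRE to the one expected tunnel peer, rather than opening the protocol to any outside source.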

