
PIX routing

My PIX 535 handles the routing on my network. The situation is this: I have a "source IP" that hits a "target IP" on one interface of the PIX for incoming, and when I initiate traffic from my server, it goes out to the SAME "source IP" on a different interface on the PIX for outgoing.

So for incoming traffic, I use these 2 commands to make the connection work:

static (vpnfront,dmz2) "Source IP" "Source IP" netmask

route vpnfront "Source IP" "Outside VPN interface" 1

For outgoing traffic, I use these 2 commands to make the connection work:

static (vpnback,dmz2) "Source IP" "Source IP" netmask
route vpnback "Source IP" "Inside VPN Interface" 1

So the problem is I can't have BOTH static NAT and route for the SAME IP because the PIX simply doesn't really know what to do in this situation. So how do I go about fixing this problem? I need to be able to have incoming and outgoing traffic without having to manually delete and add the NAT and route...


Re: PIX routing


I'm not really sure why you want to have the two directions split, but you might have an obvious reason for that.

I'm afraid that PIX will not be able to route the outgoing traffic to the same source IP through two different interfaces conditionally based on the traffic direction.

Somehow you should use two different IP addresses at the source to be able to distinguish.

Hope it helps, rate if it does.



Re: PIX routing

Yes, a different one would be ideal, but the "source IP" is a client IP and they don't have another one they can use... Yeah, I was afraid of that... Thanks for the input.
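
The conflict discussed in this thread can be caught before a change is applied. The following is an added example, not code from any poster: a small Python check that flags a host or network claimed on more than one interface by `route` or `static` lines. It assumes the PIX forms `route if_name dest mask gateway [metric]` and `static (real_if,mapped_if) mapped_ip real_ip netmask mask`; all addresses and the `parse`/`conflicts` names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample config: 192.0.2.10 stands in for the thread's "Source IP",
# and the gateway addresses are placeholders.
SAMPLE_CONFIG = """\
static (vpnfront,dmz2) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
route vpnfront 192.0.2.10 255.255.255.255 10.1.1.1 1
static (vpnback,dmz2) 192.0.2.10 192.0.2.10 netmask 255.255.255.255
route vpnback 192.0.2.10 255.255.255.255 10.2.2.1 1
route outside 198.51.100.0 255.255.255.0 203.0.113.1 1
"""

def parse(config):
    """Return ([(interface, network)] for routes, the same for statics)."""
    routes, statics = [], []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "route":
            # route <if_name> <dest> <mask> <gateway> [metric]
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            routes.append((tok[1], net))
        elif len(tok) >= 4 and tok[0] == "static" and tok[1].startswith("("):
            # static (<real_if>,<mapped_if>) <mapped_ip> <real_ip> [netmask <mask>]
            real_if = tok[1].strip("()").split(",")[0]
            has_mask = len(tok) >= 6 and tok[4] == "netmask"
            mask = tok[5] if has_mask else "255.255.255.255"
            net = ipaddress.ip_network(f"{tok[3]}/{mask}", strict=False)
            statics.append((real_if, net))
    return routes, statics

def conflicts(entries):
    """Map each network claimed on more than one interface to those interfaces."""
    seen = defaultdict(set)
    for ifname, net in entries:
        seen[net].add(ifname)
    return {str(net): sorted(ifs) for net, ifs in seen.items() if len(ifs) > 1}

if __name__ == "__main__":
    routes, statics = parse(SAMPLE_CONFIG)
    for kind, found in (("route", conflicts(routes)), ("static", conflicts(statics))):
        for net, ifs in found.items():
            print(f"{kind}: {net} is placed on multiple interfaces: {', '.join(ifs)}")
```
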