Re: static route on cisco pix 515e

donnie · ‎08-15-2008

Hi all. I have a cisco pix 515e where the internal ip is 192.168.1.254 and dmz ip is 192.168.2.254. I have a router which connects 192.168.1.0/24 subnet with the ip 192.168.1.253 and connects to 192.168.3.0/24 subnet. There is a server on my dmz with the ip 192.168.2.x that i want it to connect to another server in 192.168.3.0/24 subnet. Hence i would like to add a static route on my pix as below.

route 192.168.3.0 255.255.255.0 192.168.1.253

I understand that the ciscopix 515e with version 6.x cannot do hairpinning which is routing using the same interface. Hence for this scenario(which is not hairpinning) will the server in dmz be able to access the server 192.168.3.x after i add the above static route? Thks in advance.

Marwan ALshawi · ‎08-15-2008

route inside 192.168.3.0 255.255.255.0 192.168.1.253

and u need a route on the router aswel

like

ip route 192.168.2.0 255.255.255.0 192.168.254

and u need the following acl on the pix

access-list 100 permit ip 192.168.3.0 255.255.255.0 192.168.3.0 255.255.255.0

access-group 100 ininterface dmz

good luck

please, if helpful rate

donnie · ‎08-15-2008

Hi Marwanshawi,

Thks for the advise. I forgot abt the return path, thk u for highlighting it to me. Basically i post this question because my boss says adding static routes to firewall is not possible. However i feel that as long as its not hairpinning, static routes added to the firewall would work.

Marwan ALshawi · ‎08-15-2008

based on ur config workes for sure

good luck

please, if helpful rate