https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483671#M556963 <HTML><HEAD></HEAD><BODY><P>Intra-interface firewalling is possible on both FWSM 2.3 amd PIX 7.0 using the 'same-security-traffic permit intra-interface' command.</P><P></P><P>On the FWSM this can be for any traffic. However on the PIX I beleive this is allowed only for IPSec traffic - VPN Hub-Spoke scenario to allow for spoke-spoke communication after firewalling on same interface.</P></BODY></HTML> Fri, 01 Jul 2005 22:26:49 GMT sunilc 2005-07-01T22:26:49Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483665#M556955 <P>Hi,</P><P></P><P>I was recently told that it is not possible to route traffic coming in via e.g. Eth1 out of Eth1 again to another router for example.</P><P>I'm not convinced though, and was wondering if any of you know of a way to do it? It is some special command, a question of rules or simply the need for a firmware update?</P><P></P><P>Thanks in advance,</P><P>Rasmus</P> Fri, 21 Feb 2020 08:13:08 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483665#M556955 rate 2020-02-21T08:13:08Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483666#M556956 <HTML><HEAD></HEAD><BODY><P>Hello Rasmus</P><P></P><P>You are right... icmp redirects arent possible with PIX.. this is feature specific and does not depend on any commands or hardware...</P><P></P><P>try putting a router before/after pix and do redirection on router instead of pix...</P><P></P><P>just have a look at this pix faq document..</P><P></P><P>HTH</P><P>Raj</P></BODY></HTML> Mon, 20 Jun 2005 09:25:15 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483666#M556956 sachinraja 2005-06-20T09:25:15Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483667#M556957 <HTML><HEAD></HEAD><BODY><P>I had the same need a little over a year ago and I opened a TAC case to ask if there were any "undocumented commands" to get the PIX to route packets in/out, for my particular SOHO need. I was advised it was NOT possible. I had to put a router just before the PIX, as has been mentioned in this thread.</P></BODY></HTML> Mon, 27 Jun 2005 13:43:37 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483667#M556957 s309973 2005-06-27T13:43:37Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483668#M556958 <HTML><HEAD></HEAD><BODY><P>Routing packets in/out of the same interface is known as hair-pinning. This is not supported in 6.x or previous versions, but you can enable it on PIX 7.x</P><P></P><P>HTH</P></BODY></HTML> Mon, 27 Jun 2005 14:16:28 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483668#M556958 timothy.arnold 2005-06-27T14:16:28Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483669#M556959 <HTML><HEAD></HEAD><BODY><P>Really? That sounds great. Actually I think it weird they didn't implement it in earlier versions - a lot of other firewalls can do it.</P><P>Is it easy to configure, or is it rocket science?</P></BODY></HTML> Tue, 28 Jun 2005 06:00:46 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483669#M556959 rate 2005-06-28T06:00:46Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483670#M556961 <HTML><HEAD></HEAD><BODY><P>You can enable hair-pinning ONLY for VPN....</P></BODY></HTML> Tue, 28 Jun 2005 08:18:17 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483670#M556961 a.alekseev 2005-06-28T08:18:17Z https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483671#M556963 <HTML><HEAD></HEAD><BODY><P>Intra-interface firewalling is possible on both FWSM 2.3 amd PIX 7.0 using the 'same-security-traffic permit intra-interface' command.</P><P></P><P>On the FWSM this can be for any traffic. However on the PIX I beleive this is allowed only for IPSec traffic - VPN Hub-Spoke scenario to allow for spoke-spoke communication after firewalling on same interface.</P></BODY></HTML> Fri, 01 Jul 2005 22:26:49 GMT https://community.cisco.com/t5/network-security/route-in-out-same-interface-on-pix/m-p/483671#M556963 sunilc 2005-07-01T22:26:49Z