https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177190#M606757 <HTML><HEAD></HEAD><BODY><P>Is this the case for ICMP redirects or all redirects?</P><P></P><P>I seem to be in a similar situation where I have a router on my inside network which routes to a subnet. I have added a route to the PIX as such:</P><P></P><P>route <SUBNET ip=""> <SUBNET mask=""> <ROUTE ip=""> 1</ROUTE></SUBNET></SUBNET></P><P></P><P>The PIX itself can now ping the subnet on the other side of the router. However, no hosts on the inside network can ping the subnet.</P><P></P><P>The PIX returns this error in its log:</P><P></P><P>110001: No route to <HOST on="" subnet=""> from <HOST on="" inside="" network=""></HOST></HOST></P><P></P><P>So why is it that the PIX can ping the subnet but not any other host.</P><P></P><P>Rodney</P></BODY></HTML> Fri, 02 May 2003 18:08:16 GMT przyboro 2003-05-02T18:08:16Z https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177188#M606754 <P>Can PIX be used as a default router for hosts that need to reach other internal networks? Access to these networks is through a router connected to the inside subnet.</P><P>Does PIX support ICMP redirects?</P><P></P><P>Jarek</P> Fri, 21 Feb 2020 06:42:02 GMT https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177188#M606754 jsluzewski 2020-02-21T06:42:02Z https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177189#M606755 <HTML><HEAD></HEAD><BODY><P>HI.</P><P></P><P>&gt; Does PIX support ICMP redirects?</P><P>No.</P><P>That's one feature that should be added.</P><P>I had the same problem myself with several similar scenarios.</P><P></P><P>The 2 solutions that I know of are:</P><P></P><P>* Deploy static routers to servers (and workstations if needed).</P><P>This can be done using login script for workstations (only if they need access to the other network), and permanent static routes on servers.</P><P>For W2K servers use:</P><P>route -p add .....</P><P>For Windows workstations, use:</P><P>route add ...</P><P></P><P>* Use a router as default gateway. This could be the existing router used for the internal connection, or an additional router purchased for that task (or a L3 switch).</P><P></P><P>* There is also the option to use RIP, but this will not help the workstations so for small networks it won't help much.</P><P></P><P>Both solutions aren't perfect and each has its disadvantages.</P><P>I normally preffer the first solution for small networks, because the other solution (DG to the router) - adds an additional point of failure: If the internal router fails, the Internet connection fails also with no need.</P><P></P><P>If only few servers and administrator workstation needs connectivity to remote hosts, you can apply the static routes only to them.</P><P></P><P>Yizhar</P><P></P></BODY></HTML> Fri, 18 Apr 2003 21:33:20 GMT https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177189#M606755 yizhar 2003-04-18T21:33:20Z https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177190#M606757 <HTML><HEAD></HEAD><BODY><P>Is this the case for ICMP redirects or all redirects?</P><P></P><P>I seem to be in a similar situation where I have a router on my inside network which routes to a subnet. I have added a route to the PIX as such:</P><P></P><P>route <SUBNET ip=""> <SUBNET mask=""> <ROUTE ip=""> 1</ROUTE></SUBNET></SUBNET></P><P></P><P>The PIX itself can now ping the subnet on the other side of the router. However, no hosts on the inside network can ping the subnet.</P><P></P><P>The PIX returns this error in its log:</P><P></P><P>110001: No route to <HOST on="" subnet=""> from <HOST on="" inside="" network=""></HOST></HOST></P><P></P><P>So why is it that the PIX can ping the subnet but not any other host.</P><P></P><P>Rodney</P></BODY></HTML> Fri, 02 May 2003 18:08:16 GMT https://community.cisco.com/t5/network-security/using-pix-as-default-gateway-for-routing-to-internal-networks/m-p/177190#M606757 przyboro 2003-05-02T18:08:16Z