https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20922#M656076 <HTML><HEAD></HEAD><BODY><P>The reason this doesn't work is because the PIX will not send out ICMP redirects. In your example you want your default gateway (10.10.10.10) to redirect the clients to 10.10.10.200 if they are destined for 172.16.0.0. Routers don't actually "route" these packets in and back out the same interface, they send an ICMP redirect to the client and the client adds this route to its internal routing table. From that point on the client talks directly to the 10.10.10.200 router. The PIX will not do ICMP redirects on any port, therefore it can not be the default gateway on a subnet with multiple routers. Just in case you wanted to know why.</P><P></P></BODY></HTML> Wed, 24 Apr 2002 13:30:38 GMT jboyer 2002-04-24T13:30:38Z https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20919#M655909 <P>Hi,my network has a default gateway, the inside interface of a pixfirewall.</P><P>There is a workaround to permit the pix to route traffic, incoming in its inside interface, vs a destination outbound the same interface???</P><P>e.g: </P><P>the pakets come into inside are routed and sent outbound the inside: </P><P></P><P>ip address inside 10.10.10.10 255.255.255.0 </P><P>route inside 172.16.0.0 255.255.0.0 10.10.10.200</P><P></P><P>this is by default denied.</P><P>thank's in advance </P><P>Graziano</P> Fri, 21 Feb 2020 06:01:54 GMT https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20919#M655909 g.rodegari 2020-02-21T06:01:54Z https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20920#M655941 <HTML><HEAD></HEAD><BODY><P>The PIX does not act as a router. You may need to set the users default gateway to another router on your LAN which can get to all your networks but which will forward external traffic (Internet etc) via the PIX. Alternatively, you could connect the other network to a different PIX interface. Hope that helps.</P></BODY></HTML> Fri, 19 Apr 2002 08:18:10 GMT https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20920#M655941 johnbroadway 2002-04-19T08:18:10Z https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20921#M656021 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>thanks,</P><P>Graziano</P></BODY></HTML> Sat, 20 Apr 2002 09:24:50 GMT https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20921#M656021 g.rodegari 2002-04-20T09:24:50Z https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20922#M656076 <HTML><HEAD></HEAD><BODY><P>The reason this doesn't work is because the PIX will not send out ICMP redirects. In your example you want your default gateway (10.10.10.10) to redirect the clients to 10.10.10.200 if they are destined for 172.16.0.0. Routers don't actually "route" these packets in and back out the same interface, they send an ICMP redirect to the client and the client adds this route to its internal routing table. From that point on the client talks directly to the 10.10.10.200 router. The PIX will not do ICMP redirects on any port, therefore it can not be the default gateway on a subnet with multiple routers. Just in case you wanted to know why.</P><P></P></BODY></HTML> Wed, 24 Apr 2002 13:30:38 GMT https://community.cisco.com/t5/network-security/routing-on-pix/m-p/20922#M656076 jboyer 2002-04-24T13:30:38Z