interesting routing problem for PIX

tim.metzinger · ‎02-09-2005

I'm going to have a pix with two "outside facing" interfaces, and two "inside facing" networks. Both outside interfaces have paths to the internet. Lets call the interfaces:'

Outside1

Outside2

Inside1

Inside2

I need to be able to set up the pix so that traffic from the inside1 net always goes to the internet via the outside1 interface and router, and that traffice from the inside2 network always goes out via the outside2 interface and router.

I think I can do this by setting up static statements so that there are

static (inside1, outside1)

static (inside2, outside2)

statements only. Is this correct?

is there a way to do any sort of source-based routing on the PIX?

nkhawaja · ‎02-09-2005

the problem is more towards routing end. it is not as simple as defining static statements. i would prefer to have a router infront of the pix and let the router decide about it using source based routing.

scoclayton · ‎02-09-2005

Unfortunately, the static statements are not going to help in this case. Routing occurs before translations. The static statements you have suggested will only translate the source address, they will not steer the packets to a destination interface.

As Nadeem mentioned, there is no source based routing on the PIX so I really can't think of a way to make this work. I'll think on this tonight and post a reply in the morning if I think of something.

Sorry for the lack of help. I just wanted to stop you form wasting time on the static idea.

Scott

stevep · ‎02-10-2005

Hi,

I think you may be able to accomplish what you are trying to achieve by using policy NAT on the PIX. You can use either a global for translating addresses from a particular network or a static.

Check the following link it explains it nicely and shows you a configuration example.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113601