Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
559
Views
0
Helpful
3
Replies

Is it possible for config on PIX 515 v5.3(4)

vincent-n
Level 3
Level 3

‎03-17-2009 03:59 PM - edited ‎03-11-2019 08:06 AM

Hi all

I was wondering whether it's possible to define a same subnet that exist on both the inside and outside interfaces on a PIX 515 running ver 6.3(4). For instance a subnet of 10.10.1.0/24. I'm setting up the PIX to receive RIP routing update from the inside router for 10.10.1.0/24 routes. Also setup on the PIX is site-site VPN for 10.10.1.0/24 subnet. Under normal circumstances, the PIX will route traffic for 10.10.1.0/24 towards the inside router and should the WAN link to 10.10.1.0/24 fails, the router stopped advertising 10.10.1.0/24 to PIX. The PIX will then use a floating static route for 10.10.1.0/24 (with AD=5) to route traffic towards the site-site VPN.

So far I've been able to define floating static routes and configure passive RIP on the PIX. Then realised that I have to define the same subnet 10.10.1.0/24 on two different interfaces and I don't think the PIX will like this.

Thanks for your help.

Labels:
0 Helpful
3 Replies 3

ldardon
Level 1
Level 1

‎03-23-2009 12:12 PM

I think you should not configure the PIX inside and outside interface with the same subnet. The device will give some error.In this case PIX behaves like a router, so all of its interfaces should be in different networks. If the user wants to inspect the traffic in the same network then you can configure PIX in transparent mode.Now the PIX acts like switch.

0 Helpful

hobbe
Level 7
Level 7

‎03-24-2009 08:19 AM

I do not think this would work well with the software version you have.

I can not se a way for this to work properly.

there are several different problems with this. one would be how the interfaces would know what side the packet would need to be sent on.

0 Helpful

vincent-n
Level 3
Level 3
In response to hobbe

‎03-24-2009 03:25 PM

I've received an answer from a PIX/ASA engineer working at a large telecommunication organisation stating that it's quite alright to configure passive RIP on the inside interface and a floating static route for the same subnet/s on the outside interface. I'm going to setup a test network and see if this is possible or not. What I know now is that I've been able to configure passitve RIP and floating static route on the PIX firewall. Check out the output on my firewall below:

Firewall# sho route | inc 10.1

inside 10.1.0.0 255.255.0.0 10.10.3.11 3 OTHER static

inside 10.1.3.0 255.255.255.0 10.10.3.21 2 RIP

outside 10.1.3.0 255.255.255.0 203.xxx.xxx.97 4 OTHER static

inside 10.1.100.0 255.255.255.0 10.10.3.21 2 RIP

outside 10.1.100.0 255.255.255.0 203.xxx.xxx.97 4 OTHER static

Firewall#

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card