03-13-2008 11:20 AM - edited 03-11-2019 05:17 AM
I have an interesting PIX issue. A client is trying to route outside traffic to a gateway in a different subnet. I have never seen this configuration before. According to the ISP, I need to run the following config:
ip address outside 206.138.x.x 255.255.255.0
route outside 0 0 10.1.7.1
route outside 10.1.7.0 255.255.255.0 <outside IP>
I'm pretty sure this will not work, but I'm curious if anyone has ever done this?
03-13-2008 01:50 PM
I know a router can do this. A router does this by doing a recursive route lookup and getting the next hop (gateway) info.
But, I wasn't sure about it on a PIX. I went ahead and configured my lab PIX to test and it sure does work the same way.
Though it works, it has some downsides you may want to be aware of. Recursive route lookup would put an additional burden on the PIX CPU. If possible, you should avoid this type of configuration.
HTH
Sundar
03-13-2008 02:07 PM
Sundar,
What were the recursive route lookup commands?
03-13-2008 02:31 PM
John,
It's not a command but a process that a router uses.
I shall try to explain this with an example.
Eg.
int e0
ip add 192.168.1.1 255.255.255.0
int e1
ip add 5.5.5.5 255.255.255.0
ip route 10.1.1.0 255.255.255.0 172.16.1.1
ip route 172.16.1.1 255.255.255.255 192.168.1.2
When a packet arrives on e1 destined to 10.1.1.1, the router would do a route lookup and determine the next hop is 172.16.1.1, which isn't one of the connected networks. This is when it would do a recursive route lookup to see if it has a route to 172.16.1.1, and since it does via 192.168.1.2, which is directly connected, it would send the packet over to 192.168.1.2.
Can I ask why you would want a route to point to a next hop address that's not directly connected?
HTH
Sundar
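The lookup described in the post above, as an added Python example that is not part of the original thread: a simplified model of recursive next-hop resolution over the same interfaces and static routes. It assumes the e1 mask is 255.255.255.0, and the function names and the depth limit are illustrative, not a Cisco API.

```python
import ipaddress

# Table from the post: two connected networks and two static routes.
# Assumption: e1 uses mask 255.255.255.0.
CONNECTED = {
    "e0": ipaddress.ip_network("192.168.1.0/24"),
    "e1": ipaddress.ip_network("5.5.5.0/24"),
}
STATIC = [
    (ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_address("172.16.1.1")),
    (ipaddress.ip_network("172.16.1.1/32"), ipaddress.ip_address("192.168.1.2")),
]

def longest_match(dest, static):
    """Return the most specific (network, next_hop) static route, or None."""
    hits = [r for r in static if dest in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def resolve(dest, connected=CONNECTED, static=STATIC, max_depth=8):
    """Resolve dest to (egress interface, connected next hop, lookups used).

    Raises LookupError when there is no route or when a next hop only
    resolves back through itself (a recursive loop).
    """
    hop = ipaddress.ip_address(dest)
    seen = set()
    for lookups in range(1, max_depth + 1):
        # A hop on a connected network ends the recursion.
        for ifname, net in connected.items():
            if hop in net:
                return ifname, str(hop), lookups
        if hop in seen:
            raise LookupError(f"recursive loop resolving {dest}")
        seen.add(hop)
        route = longest_match(hop, static)
        if route is None:
            raise LookupError(f"no route to {hop} while resolving {dest}")
        hop = route[1]  # look up the next hop itself on the next pass
    raise LookupError(f"recursion depth exceeded resolving {dest}")

if __name__ == "__main__":
    print(resolve("10.1.1.1"))
```

Each extra pass through the loop is one more table lookup per resolution, which is the additional CPU cost mentioned earlier in the thread.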
03-13-2008 02:37 PM
The issue seems to extend around a client's home office setup. Apparently, there is an ISP whose directly connected router is in one subnet (private addressing) and the issued client subnet is a public address. So in this instance the PIX is statically assigned a public IP, but has a private IP as the gateway.
03-13-2008 03:42 PM
Can you post a sanitized copy of the PIX configuration and the ISP router addresses?