PIX 525 handles specific routes

jonXP
Level 1

Hi all,

Can anyone advise on whether the PIX 525 is able to handle specific routes in its routing table?

This is because I have configured two static routes on the PIX:

route inside 10.0.0.0 255.0.0.0 192.168.1.2 1

route private 10.1.1.0 255.255.255.0 172.16.1.2 1

I have carried out a capture command on the two interfaces and below is the result:

pix# sh capture private

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

pix# sh capture dmz

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.100.90.51 > 10.1.1.113: icmp echo reply (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.100.90.51 > 10.1.1.113: icmp echo reply (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

10.100.90.51 > 10.1.1.113: icmp echo reply (fragment-packet)

10.1.1.113 > 10.100.90.51: icmp echo request (fragment-packet)

Also, I have checked my syslog and all that is shown is the below error:

%PIX-6-110001: No route to 10.1.1.113 from 10.100.90.51

TIA!

3 Replies

jonXP
Level 1

Hi all,

Sorry, the second capture should be:

pix# sh capture inside

Sorry for the typo error.

Hi,

Can you share the config, specifically from the "static (x,y) y,x" command to the route statement? You may hide the public IP for confidentiality.

As for the routing, it is recommended to put the specific route (longest match) first before putting the general route.

In your route statement, the route to 10.1.1.0 was 'eaten' by the "route inside 10.0.0.0 ..." statement. But this could be influenced by the "static (x,y)" command as well, if any.

Hope this helps. Pls rate all useful post(s).

Cheers!

AK

Hi AK,

Below is some configuration on the PIX 525 which will be useful:

nameif ethernet1 inside security100

nameif ethernet2 private security20

I am pinging from the private interface to the inside interface:

from 10.1.1.113 to 10.100.90.51

For access from a lower security interface to a higher security interface, a static NAT and ACL are configured:

static (inside,private) 10.100.90.0 10.100.90.0 netmask 255.255.255.0 0 0

access-list private_access_in permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.0.0.0

Let me know if there's any other information which you require. I am wondering whether the PIX is able to understand specific routes like a router. Thanks!

Regards,

Jon
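Added example (not part of any post in this thread, and not Cisco code): a small Python check that parses the two route statements from the first post, resolves the ping source and destination by conventional longest-prefix match, and reports any specific route nested inside a broader route on a different interface. That the PIX 525 selects routes this way is an assumption of the sketch, not something the thread confirms; the names parse_routes, lookup and shadow_pairs are made up for the illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Route statements copied from the first post in this thread.
CONFIG = """\
route inside 10.0.0.0 255.0.0.0 192.168.1.2 1
route private 10.1.1.0 255.255.255.0 172.16.1.2 1
"""

class Route(NamedTuple):
    interface: str
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    metric: int

def parse_routes(text: str) -> List[Route]:
    """Parse 'route <if> <net> <mask> <gateway> <metric>' lines; skip anything else."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] != "route":
            continue
        net = ipaddress.IPv4Network(f"{f[2]}/{f[3]}")  # raises if host bits are set
        routes.append(Route(f[1], net, ipaddress.IPv4Address(f[4]), int(f[5])))
    return routes

def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match (assumed selection rule); lower metric breaks ties."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))

def shadow_pairs(routes: List[Route]) -> List[Tuple[Route, Route]]:
    """(specific, general) pairs: a longer prefix nested in a shorter one on another interface."""
    return [(s, g) for s in routes for g in routes
            if s.interface != g.interface
            and s.network.prefixlen > g.network.prefixlen
            and s.network.subnet_of(g.network)]

if __name__ == "__main__":
    table = parse_routes(CONFIG)
    for ip in ("10.1.1.113", "10.100.90.51"):  # ping source and destination from the posts
        r = lookup(table, ip)
        print(ip, "->", f"{r.interface} via {r.gateway}" if r else "no route")
    for s, g in shadow_pairs(table):
        print(f"{s.network} ({s.interface}) is nested inside {g.network} ({g.interface})")
```

Under that assumption the result does not depend on the order in which the route lines were entered, so the nested pair it reports is the place to compare against what the firewall's own route table and syslog show.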
