Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
5
Replies

Pix basic working

franspain
Level 1
Level 1

‎05-11-2004 11:03 AM - edited ‎02-20-2020 11:23 PM

I have a question about basic working of the Pix firewalls. If I have three different pix in a network and their external networks are configured like this :

- 10.10.100.9 255.255.255.248

- 10.10.100.62 255.255.255.192

- 10.10.100.5 255.255.255.0

If I configure them to receive packets and send them to the internal network.

How will they filter packets received and send them to the correct host in the inside network?

What is the order listening the packets?

Thank you

0 Helpful
5 Replies 5

ehirsel
Level 6
Level 6

‎05-11-2004 01:12 PM

By examining what the access-lists applied to an interface allow (or conduits for older syntax) and the xlate table is how the pix determines if it needs to route the packet and how to do it. NAT/GLOBAL and statics are used to populate the xlate table. The pix doc at www.cisco.com gives more details - I refer you to it.

You mention external networks. Are these the networks that the outside interface of a pix resides in. Or are they static routes pointing to different gateways? (i.e., do all 3 pix units have their outside interface on the same subnet?)

When examining a routing table, the pix code follows the same basic procedure as IOS/standard ip route lookup: the best match wins, best being the most specific route.

0 Helpful

franspain
Level 1
Level 1
In response to ehirsel

‎05-12-2004 08:00 AM

Yes. The three addresses are the external addresses of the three pix. They are not real addresses, but it is to imagin how they are configured.

So the first pix netmask is 255.255.255.0, the second is 255.255.255.192 and the third.....

The three pix go to internet through the same gateway.

Thank you

0 Helpful

ehirsel
Level 6
Level 6
In response to franspain

‎05-12-2004 08:13 AM

Is there a reason that you are using different masks on each pix, if they all use the same gateway?

Or are you using subinterfaces along with some vlan tagging on the gateway and you want to use logical interfaces on the pix units too?

0 Helpful

franspain
Level 1
Level 1
In response to ehirsel

‎05-12-2004 08:38 AM

There is no special reason to configure this. That's why I would like to know exactly how the pix works.

I think that this config has been done to make the each pix route a range of ip from the real external rage.

Basicaly they are configured with a pfisical interface in the outside of the network and another fisical interface in the inside. So they route trafic from the outside ips configured to the inside.

Thanks for your quick response.

0 Helpful

franspain
Level 1
Level 1
In response to franspain

‎05-13-2004 03:20 AM

So, what do you suggest that need to be the config of each external ip of the pix and the netmask. The only I need is that each pix pass the traffic to the inside networks depending of the access list. Should I use different netmask for the three pix?

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card