Re: PIX routing question

s.vidanovic · ‎08-05-2002

This question is a little bit odd, but I need the answer. I have two external interfaces on PIX (extranet1 and extranet2) and one route for the network 192.168.1.0 pointing to extranet1. That is OK. Now, I need to route traffic to two hosts which are part of the network 192.168.1.0 (addresses 52 and 68) to second external interface (extranet2). I have created route to 192.168.1.0/24 pointing to extranet1 and two specific routes for 192.168.1.52 and 68 pointing to extranet2. NAT translation is completely different on two extranet interfaces. With this config, traffic with destination of 192.168.1.52 and 68 still goes to extranet1, which is not what I want.

Any ideas, how can I overcome this problem.

Thanks in advance,

Sasa Vidanovic

yusuff · ‎08-06-2002

If the static for 192.168.1.52 and .68 are for extranet1, then PIX will always use extranet1 interface for routing since it will have a CONNECTED route for this which is more preferrable than any other. I don't think you can acheive what you want to do since PIX does not do any policy routing etc to force traffic to change the next-hop or use another interface for egress, etc. In summary, PIX does not have any routing capability.

R/Yusuf

tim.hunt · ‎08-06-2002

I think that subnetting the two interfaces is the only option. If you can make the two interfaces different subnets the PIX will route accordingly.

Would be nice if the PIX allowed multiple IP's per interface, but they do not support this at least not with 6.2.

TH