Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
554
Views
0
Helpful
6
Replies

Routes with similar Destination in PIX

abdulnahas
Level 1
Level 1

‎09-17-2006 06:21 AM - edited ‎02-21-2020 01:10 AM

Hi,

I have an issue with routing in PIX firewall. we have three DMZs in total. One DMZ for Public servers like proxy, web. Two DMZs are for a 3rd party server connection using Lease line. The problem lies in this 3rd pary area.

The communication with the 3rd party server is this way:

LAN--->DMZ1--->3rd party Router--->Server

LAN--->DMZ2--->3rd party Router--->Server

The server that both the DMZ refers to is the same. Does PIX allow adding two routes to the same destination.

Appreciate if any one could help on this urgent issue. Thanks in advance

Regards

0 Helpful
6 Replies 6

a.kiprawih
Level 7
Level 7

‎09-17-2006 09:39 AM

Is the 3rd router point to the same unit with 2 different FE ports?

PIX can accept 2 routes with the same destination, with condition - you need to specify different metric for those routes.

route dmz1 10.10.10.10 255.255.255.255 172.16.1.2 1

route dmz2 10.10.10.10 255.255.255.255 172.17.1.10 2

Rgds,

AK

0 Helpful

abdulnahas
Level 1
Level 1
In response to a.kiprawih

‎09-17-2006 09:54 PM

Thanks for the prompt reply. yes the 3rd router is connected on a different FE port of the PIX firewall.

I will try the above option & let know. I would also like to know whether any request coming from the 2nd DMZ will be sent to the first metric route / 2nd metric route.

Thnks & Regards

0 Helpful

abdulnahas
Level 1
Level 1
In response to abdulnahas

‎09-18-2006 01:26 AM

Hi,

Our supplier claims that unless the 1st metric route is down the traffic does not pass to the 2nd metric route.

Please advise if this info is right.

Regards

0 Helpful

abdulnahas
Level 1
Level 1
In response to abdulnahas

‎09-19-2006 02:08 AM

we have tried the metric option but it does not work. Please help. Please advise if there is any alternative solution for the above problem.

Regards

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to abdulnahas

‎09-19-2006 10:31 AM

Hi,

Yes, there is an option for you. You can use a feature called static route tracking in conjunction with the two static routes that you have in place to address the problem of primary route not clearing when it's down. You need a code greater than 7.2(1)on your PIX for this to work.

More info here:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

HTH

Sundar

0 Helpful

abdulnahas
Level 1
Level 1
In response to sundar.palaniappan

‎09-19-2006 11:55 PM

Hi sundar,

Thanks for the reply. Actually i am not looking for a failover solution.

some of our staff access 1st network & some access 2nd network. so i need both the networks to be routable to the destination from PIX.

I am attaching a visio jpeg for more clarity.

Please advise.

Preview file
113 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card