routing on pix

g.rodegari · ‎04-16-2002

Hi,my network has a default gateway, the inside interface of a pixfirewall.

There is a workaround to permit the pix to route traffic, incoming in its inside interface, vs a destination outbound the same interface???

e.g:

the pakets come into inside are routed and sent outbound the inside:

ip address inside 10.10.10.10 255.255.255.0

route inside 172.16.0.0 255.255.0.0 10.10.10.200

this is by default denied.

thank's in advance

Graziano

johnbroadway · ‎04-19-2002

The PIX does not act as a router. You may need to set the users default gateway to another router on your LAN which can get to all your networks but which will forward external traffic (Internet etc) via the PIX. Alternatively, you could connect the other network to a different PIX interface. Hope that helps.

g.rodegari · ‎04-20-2002

Hi,

thanks,

Graziano

jboyer · ‎04-24-2002

The reason this doesn't work is because the PIX will not send out ICMP redirects. In your example you want your default gateway (10.10.10.10) to redirect the clients to 10.10.10.200 if they are destined for 172.16.0.0. Routers don't actually "route" these packets in and back out the same interface, they send an ICMP redirect to the client and the client adds this route to its internal routing table. From that point on the client talks directly to the 10.10.10.200 router. The PIX will not do ICMP redirects on any port, therefore it can not be the default gateway on a subnet with multiple routers. Just in case you wanted to know why.