Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
1
Replies

ip route

M.Vrazalic
Level 1
Level 1

‎10-28-2005 10:04 AM - edited ‎03-03-2019 12:36 AM

i've got 1 firewall 515e, and one cisco 48 emi switch...

the firewall has 3 interface - inside,outside,dmz

i've connected the inside interface to the ethernet port 1 on the 48 port switch.

this is the mgmt vlan. this vlan allows vlan 2 and 3 (for example) to get through it...these vlans are internal network vlans...

then i've connected the dmz interface of the firewall to ethernet port 45 on the switch...this is dmz mgmt vlan 5...vlan 6 can go through this on ports 46,47 and 48...

basically, i've connected the web server in port 46...

now...the problem:

in the switch setup:

ip route 0.0.0.0 0.0.0.0 a.b.c.d

where a.b.c.d is the ip address of the inside interface of the firewall...

now, i want the dmz web server traffic to come out through the dmz vlan, and hence, the firewall dmz interface

ip route 0.0.0.0 0.0.0.0 x.y.z.w

where x.y.z.w is the ip address of the dmz interface of the firewall...

problem is that 0.0.0.0 0.0.0.0 means that all the vlans will be looking to get out through either of the 2 routes...for instance, i've had the issue that the dmz web server worked, but then the traffic on the inside network stopped (guess it was looking to get out through the dmz vlan and i've specified through trunking that only the dmz vlan is allowed and not vlans 2 and 3)...

how do i deal with this?

can i just type in the network address?

basically ip route x.x.x.x y.y.y.y x.y.w.z

x.x.x.x is this the address of the network on which the web server is on or is this the ip address of the dmz vlan?

if the web server address is (internal) 10.10.10.1 on a subnet 255.255.255.0

would i type

ip route 10.10.10.0 255.255.255.0 x.y.z.w (where x.y.w.z is the dmz interface on the firewall)...

where can i get info regarding ip route command with good examples....

Labels:
0 Helpful
1 Reply 1

lgijssel
Level 9
Level 9

‎10-28-2005 10:34 AM

The default route on the PIX should point to the Internet router or your ISP. All other routes should be more specific as described in the following.

Please find a URL about route selection in Cisco devices. It should apply to the PIX as well.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094823.shtml#prereq

Regards,

Leo

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card