In many instances, you need to enable routing on the PIX Firewall to connect to devices on networks that are not directly connected. This is accomplished by manually configuring static routes or by using Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) to dynamically learn routes.
To create a static route statement on the PIX Firewall, issue the route command.
For example, this command is issued to create a route for the 192.168.1.0 network:
route inside 192.168.1.0 255.255.255.0 x.x.x.x
Only one default route can be configured on the PIX Firewall, as shown in this example:
route outside 0.0.0.0 0.0.0.0 x.x.x.x
In these examples, x.x.x.x is the IP address of the next hop.
When the PIX Firewall has RIP enabled, it learns where everything is on the network by passively listening for RIP network traffic. When the PIX Firewall interface receives RIP traffic, the PIX updates its routing tables. However, the PIX Firewall can advertise one default route through RIP. To enable RIP, refer to this example:
rip outside passive version 2
rip outside default version 2
OSPF is supported on PIX Firewall version 6.3 and later. It is supported on all 500 series platforms except the PIX 501. The OSPF functionality in PIX Firewall version 6.3 is similar to that provided by Cisco IOS® Software Release 12.2(3a).
When Network Address Translation (NAT) is used and OSPF is operating on public and private areas, run two OSPF processes to prevent the advertising of private networks in public areas. This allows you to use NAT and OSPF without advertising private networks, as shown in this example:
ip address outside 126.96.36.199 255.255.255.0
ip address inside 10.0.0.1 255.0.0.0
router ospf 1
network 188.8.131.52 255.255.255.0 area 0
router ospf 2
redistribute ospf 1
network 10.0.0.0 255.0.0.0 area 10.0.0.0
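One way to check a saved configuration for the leak the two-process design prevents, as an added example that is not Cisco tooling or part of the original page. The function names and the BAD and REVERSED samples are constructed for illustration; GOOD is the OSPF portion of the configuration above.

```python
import ipaddress

# RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(net):
    return any(net.subnet_of(r) for r in RFC1918)

def parse_ospf(config):
    """Map each OSPF process id to its network statements and redistribute sources."""
    procs, cur = {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["router", "ospf"] and len(w) == 3:
            cur = procs.setdefault(w[2], {"networks": [], "redistribute": []})
        elif cur is not None and w[:1] == ["network"] and len(w) >= 3:
            # PIX network statements take a netmask; host bits may be set.
            cur["networks"].append(ipaddress.ip_network(f"{w[1]}/{w[2]}", strict=False))
        elif cur is not None and w[:2] == ["redistribute", "ospf"] and len(w) >= 3:
            cur["redistribute"].append(w[2])
    return procs  # simplification: other router subcommands are ignored

def audit(config):
    """Report private networks that share, or are redistributed into, a public process."""
    procs, findings = parse_ospf(config), []
    for pid, p in procs.items():
        if all(is_private(n) for n in p["networks"]):
            continue  # private-only process: nothing public to leak into
        for n in filter(is_private, p["networks"]):
            findings.append(f"ospf {pid}: private network {n} configured in a public process")
        for src in p["redistribute"]:
            for n in filter(is_private, procs.get(src, {"networks": []})["networks"]):
                findings.append(f"ospf {pid}: redistributes ospf {src}, which carries {n}")
    return findings

# OSPF portion of the configuration shown above.
GOOD = """router ospf 1
network 188.8.131.52 255.255.255.0 area 0
router ospf 2
redistribute ospf 1
network 10.0.0.0 255.0.0.0 area 10.0.0.0"""
# Constructed: one process covers both the public and the private network.
BAD = """router ospf 1
network 188.8.131.52 255.255.255.0 area 0
network 10.0.0.0 255.0.0.0 area 10.0.0.0"""
# Constructed: redistribution points the wrong way (private into public).
REVERSED = GOOD.replace("redistribute ospf 1\n", "").replace(
    "router ospf 1\n", "router ospf 1\nredistribute ospf 2\n")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD), ("REVERSED", REVERSED)):
        print(name, audit(cfg) or "no findings")
```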