Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
7377
Views
0
Helpful
0
Comments

How to configure routing on the PIX Firewall

TCC_2
Level 10
Level 10

‎06-22-2009 03:41 PM - edited ‎03-08-2019 06:10 PM

Core issue

In many instances, you need to enable routing on the PIX Firewall to connect to devices on networks that are not directly connected. This is accomplished by manually configuring static routes or by using Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) to dynamically learn routes.

Resolution

  • Static routing

    To create a static route statement on the PIX Firewall, issue the route command.

    For example, this command is issued to create a route for the 192.168.1.0 network:

    route inside 192.168.1.0 255.255.255.0 x.x.x.x

    Only one default route can be configured on the PIX Firewall, as shown in this example:

    route outside 0.0.0.0 0.0.0.0 x.x.x.x

    In this example, x.x.x.x. is the IP address of the next hop.

    For more information, refer to the route section of Cisco PIX Firewall Software Command Reference.

  • RIP

    When the PIX Firewall has RIP enabled, it learns where everything is on the network by passively listening for RIP network traffic. When the PIX Firewall interface receives RIP traffic, the PIX updates its routing tables. However, the PIX Firewall can advertise one default route through RIP. To enable RIP, refer to this example:

    rip outside passive version 2
    rip outside default version 2

    For more information, refer to the rip section of Cisco PIX Firewall Software Command Reference.

  • OSPF

    OSPF is supported on PIX Firewall version 6.3 and later. It is supported on all 500 series platforms except the PIX 501. The OSPF functionality in PIX Firewall version 6.3 is similar to that provided by Cisco IOS® Software Release 12.2(3a).

    When Network Address Translation (NAT) is used and OSPF is operating on public and private areas, run two OSPF processes to prevent the advertising of private networks in public areas. This allows you to use NAT and OSPF without advertising private networks, as shown in this example:

       ip address outside 1.1.1.1 255.255.255.0 
             ip address inside 10.0.0.1 255.0.0.0 
      router ospf 1 
        network 1.1.1.0 255.255.255.0 area 0 
      router ospf 2 
        redistribute ospf 1 
        network 10.0.0.0 255.0.0.0 area 10.0.0.0

    For more information, refer to the Configuring OSPF on the PIX Firewall section of Establishing Connectivity.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents