Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
775
Views
0
Helpful
0
Comments

There is trouble with IPX traffic that passes through the PIX Firewall between internal and external routers

TCC_2
Level 10
Level 10

‎06-22-2009 04:45 PM - edited ‎03-08-2019 06:19 PM

Core issue

A PIX Firewall is installed between two routers, and now the Internetwork Packet Exchange (IPX) traffic cannot pass between networks.

This is the affected topology:

IPX network => RouterA => PIX => RouterB => IPX network

Resolution

The PIX does not route IPX traffic unless it is encapsulated within an IP protocol, such as Generic Routing Encapsulation (GRE). Refer to GRE Tunneling IPX over ISDN in order for a demonstration on how to configure a GRE tunnel between two routers. The example shows the routers connected through ISDN, but the GRE configuration is the same regardless of the media, for example Ethernet, serial, and so forth.

If GRE is configured between the routers, then the PIX must be configured with a static translation for the router on the higher security interface, along with an Access Control List (ACL) that permits the GRE protocol to the global IP address configured for this router.

This is an example PIX configuration:

Hostname(config)#static (inside,outside) < global_ip RouterA_ip > netmask 255.255.255.255
Hostname(config)#access-list < inbound > permit gre host < RouterB_ip > host < global_ip >
Hostname(config)#access-group < access-list > in interface < outside >

Refer to Configuring IPSec/GRE with NAT for more information and a sample configuration.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents