Core issue
A PIX Firewall is installed between two routers, and now the Internetwork Packet Exchange (IPX) traffic cannot pass between networks.
This is the affected topology:
IPX network => RouterA => PIX => RouterB => IPX network
Resolution
The PIX does not route IPX traffic unless it is encapsulated within an IP protocol, such as Generic Routing Encapsulation (GRE). Refer to GRE Tunneling IPX over ISDN in order for a demonstration on how to configure a GRE tunnel between two routers. The example shows the routers connected through ISDN, but the GRE configuration is the same regardless of the media, for example Ethernet, serial, and so forth.
If GRE is configured between the routers, then the PIX must be configured with a static translation for the router on the higher security interface, along with an Access Control List (ACL) that permits the GRE protocol to the global IP address configured for this router.
This is an example PIX configuration:
Hostname(config)#static (inside,outside) < global_ip RouterA_ip > netmask 255.255.255.255
Hostname(config)#access-list < inbound > permit gre host < RouterB_ip > host < global_ip >
Hostname(config)#access-group < access-list > in interface < outside >
Refer to Configuring IPSec/GRE with NAT for more information and a sample configuration.