Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3375
Views
0
Helpful
3
Replies

can a firewall do routing?

donnie
Level 1
Level 1

‎03-10-2008 07:46 AM - edited ‎03-05-2019 09:39 PM

Hi all. I have a firewall cisco pix 515e that is used as a default gateway for all my pc in my lan. My firewall is using an ip of 192.168.40.254/24. On my lan there is a 2801 router having an ip of 192.168.40.253/24. This router is used to route packets to another network 192.168.41.0/24 that is connected to it. All my pc in the 192.168.40.0/24 network need to access the 192.168.41.0/24 network. Hence i place a static route in my cisco 515e where traffic heading for 192.168.41.0/24 would use the gateway 192.168.40.253. The gateway for 192.168.41.0/24 network is the 2801 router whose other ip is 192.168.41.254. However after adding the static route to my pix, the PCs in 192.168.40.0/24 could not reach 192.168.41.0/24. I was advised by my vendor that cisco pix 515e using ios 6.3 cannot do static route. Is this so?

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎03-10-2008 07:52 AM

Hi

Pix 515E using v6.3 cannot do "hairpinning" and this means your setup won't work. Hairpinning is the ability to route traffic back out the same interface it came in and it is not available until v7.x on the pix. If you want to hairpin unencrypted traffic you need to v7.2.

However a router can route packets back out the same interface so you could

1) Change the default-gateway on your PC's to 192.168.40.253 ie. the 2801 router.

2) Add a default route on the 2801 pointing to the Pix

ip route 0.0.0.0 0.0.0.0 192.168.40.254

That way your clients will be able to route tto the 192.168.41.0 network and still be able to get out via the firewall.

There are other ways of achieving this but the above is probably the simplest.

HTH

Jon

0 Helpful

donnie
Level 1
Level 1
In response to Jon Marshall

‎03-10-2008 09:11 AM

Hi Jon. Thank you for your explanation. Now i understand what actually happened. But can i check on how to upgrade my pix 515e ios from v6.3 to v7.0 ? Thks in advance.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to donnie

‎03-10-2008 09:12 AM

Hi

Yes you could upgrade to v7.x. You need a minimum of 128Mb to run v7.x so you may need a memory upgrade as well as most Pix 515E's i have seen only have 64Mb of memory.

Jon

0 Helpful
Customers Also Viewed These Support Documents