Can I use?

route outside 192.168.1.0 255.255.255.0 192.168.1.1

route outside 192.168.2.128 255.255.255.128 192.168.1.1

Would like to route only specific traffic out and have the rest just dye.

Thanks

Michelle

yes you can.

perhaps you don't even need the first one as the pix outside interface is directly connected to 192.168.1.0.

Not sure but I think it does, because if you don't it trys to set the outside default gateway to 192.168.1.25 (which is itself).

The network is 192.168.1.0 and the router to the WAN is 192.168.1.1 255.255.255.0

the pix is one of many devises in the on the LAN.

Michelle

Can you clarify this a bit, I'm not clear on what you want to do.

Do you only want to connect to devices on the 192.168.1.0/24 network, nothing beyond the WAN router?

Or do you want to send traffic out over the WAN router, but stop traffic going to other 192.168.1.0/24 addresses?

Can I admit to two goals? Increase my understanding of how the pix handles routing of traffic and

would like to send traffic out to the wan, but only to specific networks

route for 192.168.3.192 255.255.255.192

route for 192.168.5.0 255.255.255.0

but not route for any unlisted networks

say if someone tries to go to 192.168.9.159 it just dies because their is no route.

Michelle

That is ok, just use routes to the networks you need pointing at 192.168.1.1.

For example:

route outside 192.168.5.0 255.255.255.0 192.168.1.1

If a route does not exist in the routing table those packets are dropped.

Normally you would want those packets to go to the internet via the default route. But if the PIX is not an internet facing firewall then this gives you a greater degree of control.