Re: static route in pix 505

erodrig · ‎02-16-2005

Hi

i have trouble with the static routes in pix 505, i need reach some networks for a router conected in the same segment that inside interface so i added this static routes in pix

route inside 10.65.0.0 255.255.0.0 10.72.0.1 1

route inside 10.68.0.0 255.255.0.0 10.72.0.1 1

route inside 10.72.0.0 255.255.0.0 10.72.0.1 1

the ip addres inside of pix is 10.72.0.65 and the router for reach this network is 10.72.0.1, but is not working, the default gateway of hosts is 10.72.0.65.

i think that the statics routes in pix is not working

is something missing?

thanks

thisisshanky · ‎02-16-2005

The problem is that PIX doesnt route packets coming into one interface of the PIX back through the same interface. In this case your hosts have the PIX as default gateway. So the host try to send packets destination 65.0, 68.0 or 72.0 to the PIX. PIX receives the packet on the inside interface and, even though it has static routes configured, 10.72.0.1 is reachable via the inside interface. So the packet needs to be routed back through the same interface that it came in. PIX rules doesnt allow this. So it simply drops the packet.

A work around for this is to make the router (10.72.0.65) the default gateway for the hosts and have a default route configured on the router pointing to the PIX for traffic going to the internet. Hosts will send any non-local traffic to the router, the router will decide where the packet needs to go.

Hope that helps!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

thisisshanky · ‎02-16-2005

In my previous post, "A work around for this is to make the router (10.72.0.65)" The above statement in quotes should be read as,

"A work around for this is to make the router (10.72.0.1)". I made a mistake in the IP address of the router.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus