02-16-2005 04:53 PM
Hi
i have trouble with the static routes in pix 505, i need reach some networks for a router conected in the same segment that inside interface so i added this static routes in pix
route inside 10.65.0.0 255.255.0.0 10.72.0.1 1
route inside 10.68.0.0 255.255.0.0 10.72.0.1 1
route inside 10.72.0.0 255.255.0.0 10.72.0.1 1
the ip addres inside of pix is 10.72.0.65 and the router for reach this network is 10.72.0.1, but is not working, the default gateway of hosts is 10.72.0.65.
i think that the statics routes in pix is not working
is something missing?
thanks
02-16-2005 08:21 PM
The problem is that PIX doesnt route packets coming into one interface of the PIX back through the same interface. In this case your hosts have the PIX as default gateway. So the host try to send packets destination 65.0, 68.0 or 72.0 to the PIX. PIX receives the packet on the inside interface and, even though it has static routes configured, 10.72.0.1 is reachable via the inside interface. So the packet needs to be routed back through the same interface that it came in. PIX rules doesnt allow this. So it simply drops the packet.
A work around for this is to make the router (10.72.0.65) the default gateway for the hosts and have a default route configured on the router pointing to the PIX for traffic going to the internet. Hosts will send any non-local traffic to the router, the router will decide where the packet needs to go.
Hope that helps!
02-16-2005 08:54 PM
In my previous post, "A work around for this is to make the router (10.72.0.65)" The above statement in quotes should be read as,
"A work around for this is to make the router (10.72.0.1)". I made a mistake in the IP address of the router.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide