From: Jay Hennigan (jay@xxxxxxxx)
Date: Mon Oct 30 2000 - 14:44:30 GMT-3

On Mon, 30 Oct 2000, Andrew wrote:
> The PIX absolutely has default route statements. 'ip route outside|inside'

True. My APC power strip has a default route statement, does that make
it a router?
If you try not to think of a PIX as a router, it will be a lot easier to
understand. Yes, it moves IP packets from one interface to another under
certain defined conditions. Routers also do this. So do proxy servers.
But, you still need the static (inside,outside) for non-NAT applications
where the outside will be allowed certain conduits to the inside. And,
for non-NAT the inside and outside interfaces are in the same subnet.
The PIX documentation is pretty good. The description under "static" in
the command reference addresses this.
Without NAT, the interfaces are in the same subnet, no routing. With NAT,
there's address translation taking place, but not what one would normally
think of as routing. The PIX is capable of recognizing whether a destination
is part of an interface's local subnet and if not forwarding it to a gateway.
But, packets arriving on the outside interface with a destination of an
inside (higher security) interface are not handled by routing. The outside
network is unaware of the existence of the inside network without a static
mapping. This static mapping can be to a different address with NAT. This
isn't what I'd call routing. The static mapping can also be to the same
address without NAT, in which case both interfaces are in the same network.
This, IMHO, isn't routing either.

--
Jay Hennigan - Network Administration - jay@west.net
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:32 GMT-3