From: Annu (annu_roopa@xxxxxxxxx)
Date: Fri Aug 03 2001 - 14:02:57 GMT-3
Octavio,
Answers inline.
> I need to do a PIX route to a different default
> router depending on the source IP address. I have a
> PIX 515 (5.2.4) (4 Interfaces) with an outside
> interface default route.
As far as I know, you can have only 1 default route on the PIX to
outside. You can have multiple "route inside" statements
pointing to internal routers based on internal
subnet. Otherwise have a router with firewall
functionality do this, such that based on source IP
address it will route accordingly to outside. PIX can't
route.
=====
> For traffic from the outside interface, the PIX
> (because of the default route) tries to send unknown IP
> destination traffic to the outside interface but this
> traffic can't be sent because of no xlates. Then it
> could be necessary to configure
> static(outside,outside) for every outside destination
> (Internet).
Why is your PIX trying to send unknown (unless it's
trusted) traffic from outside to another location... PIX
is not a router, and moreover you would have a router to
which the PIX is pointing as default gateway - this router should
do this. So when traffic lands on your PIX (through the outside
router), let's say to go to DMZ, based on the static and
conduit statements you have, it will allow it to reach
the destination.
====
> Then it could be good to have a different default
> route for traffic from the inside and for the traffic
> from the outside. It could be good too, the PIX to
> send traffic from the outside interface to the outside
> interface (without the static(outside,outside)
> command) and use only one default route.
For inside traffic going out, your PIX will point to the default
gateway, which I guess is the router on outside. For incoming
traffic you can do static (inside,outside) / static
(dmz,outside). I am not sure how your PIX will allow
outside to DMZ without statics and conduits using only
default routes.
Send your configs, and hope this helps.
Bye,
Annu
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:44 GMT-3