From: Kenneth Wygand (KWygand@customonline.com)
Date: Wed Jan 21 2004 - 00:22:24 GMT-3
Alec,
What will you ICMP redirect to? Another router on the same segment? No this won't work.
HOWEVER, why don't you change your clients on the segment to point to THAT router as their default gateway, and then enable ICMP redirects on that router. This way, clients that need to send traffic to the Pix will be "ICMP redirected" by the local router to the Pix.
Will this work for your application?
Ken
-----Original Message-----
From: nobody@groupstudy.com on behalf of Pun, Alec CL
Sent: Tue 1/20/2004 9:55 PM
To: dswink@cisco.com; 'Scott Morris'; 'Driessens.Hans'; 'Pun, Alec CL'; ccielab@groupstudy.com
Cc:
Subject: RE: How to enable one-arm routing in PIX
How about any way to enable icmp redirect in PIX ? I mean on the inside
interface.
-----Original Message-----
From: Dave Swink (dswink) [mailto:dswink@cisco.com]
Sent: Wednesday, January 21, 2004 12:18 AM
To: 'Scott Morris'; 'Driessens.Hans'; 'Pun, Alec CL';
ccielab@groupstudy.com
Subject: RE: How to enable one-arm routing in PIX
Hans,
Good idea, unfortunately it does not work. The PIX does not allow
routing in and out of the same PHYSICAL interface. The was my experience
with it, at least. If someone can make it work, please share.
Dave Swink, CCIE #11678, CISSP
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Tuesday, January 20, 2004 8:27 AM
To: 'Driessens.Hans'; 'Pun, Alec CL'; ccielab@groupstudy.com
Subject: RE: How to enable one-arm routing in PIX
That would be like multi-fingered routing. :)
-----Original Message-----
From: Driessens.Hans [mailto:hans.driessens@siemens.com]
Sent: Tuesday, January 20, 2004 9:03 AM
To: Scott Morris; 'Pun, Alec CL'; ccielab@groupstudy.com
Subject: RE: How to enable one-arm routing in PIX
Hi group
since ver 6.3 you can do trunking and make two logical interface on one
physical interface.... that looks like a onearmed router to me(one-armed
pix)
cheers
hans
-----Oorspronkelijk bericht-----
Van: Scott Morris [mailto:swm@emanon.com]
Verzonden: Tuesday, January 20, 2004 14:49
Aan: 'Pun, Alec CL'; ccielab@groupstudy.com
Onderwerp: RE: How to enable one-arm routing in PIX
Nope. Once it goes into the PIX on one interface it MUST exit via a
different interface. Your PIX is a firewall, not supposed to be a
router!
:)
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Pun, Alec CL
Sent: Tuesday, January 20, 2004 5:31 AM
To: ccielab@groupstudy.com
Subject: OT : How to enable one-arm routing in PIX
Hi group,
Any method to enable one-arm routing in PIX ? It seems PIX by default
does not allow routing in and out using the same interface, e.g. inside.
Any way to bypass this restriction.
rgds,
alec
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:48 GMT-3