create a route for certain destination IP's on inside of PIX 515e

Hello John, Im usure of your problem

you want some internal hosts to go through a router before they get to the pix?

if so just make the routers IP address the default gateway for the clients, and make the gateway of last resort of the router the IP of the PIX (internal IP that is)

Pete

youve not got much choice. you CANNOT do routing with a pix firewall

if that dont answer the question, your gonna need to give me some more info :)

I don't want to change the default gateway on the clients. Some external (destination) IP's need to be directed to another router.

I can't believe this can't be done.
There is a route cmd (6-24 command reference).

please advice ...

Right I see

do this on one client to test

Start >run >cmd {enter}

route add <network number of DESTINATION NETWORK> mask <subnet mask of destination network> <ip address of the router> -p

Ok.

It did not find the gateway because it's on a class A network 10.x.x.x

?? doesnt matter? from command line execute a   route print and post the results here :)

C:\Documents and Settings\user>route print
===========================================================================
Interfacelist
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8b a5 af 3f ...... Compaq NC3161 Fast Ethernet NIC - Pakketplanner-
miniport
===========================================================================
===========================================================================
Activ routes:
Networkaddress             Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.9.200.254    192.9.200.47       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.9.200.0    255.255.255.0     192.9.200.47    192.9.200.47       30
     192.9.200.47  255.255.255.255        127.0.0.1       127.0.0.1       30
    192.9.200.255  255.255.255.255     192.9.200.47    192.9.200.47       30
        224.0.0.0        240.0.0.0     192.9.200.47    192.9.200.47       30
  255.255.255.255  255.255.255.255     192.9.200.47    192.9.200.47       1
default-gateway:     192.9.200.254
===========================================================================
Static routes:
  none

C:\Documents and Settings\user>

OK heres me adding a 10. address to mine

C:\Documents and Settings\PeteLong>route add 10.2.2.0 mask 255.255.255.0 192.168.1.2 -p

C:\Documents and Settings\PeteLong>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 01 03 c1 55 27 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Man
agement NIC (3C905C-TX) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
         10.2.2.0    255.255.255.0      192.168.1.2   192.168.1.100       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.2.2.0    255.255.255.0      192.168.1.2       1


Pete

If they are external IPs, why are they on your inside network?  Put the router in a DMZ off your PIX and you will be able to route to it.

-Pascal