Solved

Cisco PIX 515E - Routing on same interface

Posted on 2004-08-31
5
1,208 Views
Last Modified: 2008-02-07
I'd like to confirm that it's not possible to route in and out of a PIX on the same interface.  

The internal network IP range 10.7.4.0
The internal NIC on the PIX 515E is 10.7.4.1
Default gateway for all the internal clients is 10.7.4.1
On of the machines (10.7.4.21) on the internal network is set up as a RRAS server to link the 10.7.4.0 and 10.7.1.0 networks

Ideally, I'd like PIX to route 10.7.1.0 traffic to 10.7.4.21.

I've added the route to the PIX
I can ping any client on the 10.7.1.0 network from the PIX console - which confirms that the RRAS server is working correctly
I cannot ping any of the clients on 10.7.1.0 from a machine on the 10.7.4.0 network.
My research suggests that you cannot get the PIX to route the traffic in this way, but I wanted a 'second opinion'

Can I solve the problem by putting another interface card in to the PIX and using that instead of the RRAS server?
0
Comment
Question by:MarkNethercott
  • 2
  • 2
5 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 150 total points
ID: 11940038
you are correct you cannot route on a PIX, if you need to route you need to put a router next to it.

I made the same mistake
http://www.experts-exchange.com/Networking/Q_20920906.html

Pete
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 150 total points
ID: 11940833
>I'd like to confirm that it's not possible to route in and out of a PIX on the same interface
Confirmed.

You can setup the RRAS server as the internal default for all users, and have it point to the PIX as its default gateway. Microsoft never sold a router, so I don't rely much on a server OS to do my routing.

>Can I solve the problem by putting another interface card in to the PIX and using that instead of the RRAS server?
Not suggested. Unlike a router, PIX interfaces have security levels and you will create yourself a rules nightmare trying to route between security levels.

Any old router with just one interface will work for you as a 'router on a stick'

0
 
LVL 1

Accepted Solution

by:
irjeffb earned 200 total points
ID: 11941735
You are correct in that you cannot get packets to go into a PIX and then back out the same interface.

However, you can put another NIC in the PIX to create a third connected network (your first internal, your public, and now your second internal).  You can then set up whatever security you want for it to pass traffic between the two internal networks.

The statement that a PIX cannot route is not truly accurate.  Technically, if you connect both internal networks to different interfaces and configure the security to allow it, the PIX will route between the two networks.
0
 
LVL 1

Expert Comment

by:irjeffb
ID: 11941758
One other note:

You will need to verify that your PIX license allows three interfaces.  The license will state the maximum number of interfaces.  I'm not positive that you can even get them with less than 3, but you should check anyway.  Ours is licenses for 8, although we only have 3.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11945426
ThanQ
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now