Solved

Cisco PIX 515E - Routing on same interface

Posted on 2004-08-31
5
1,229 Views
Last Modified: 2008-02-07
I'd like to confirm that it's not possible to route in and out of a PIX on the same interface.  

The internal network IP range 10.7.4.0
The internal NIC on the PIX 515E is 10.7.4.1
Default gateway for all the internal clients is 10.7.4.1
On of the machines (10.7.4.21) on the internal network is set up as a RRAS server to link the 10.7.4.0 and 10.7.1.0 networks

Ideally, I'd like PIX to route 10.7.1.0 traffic to 10.7.4.21.

I've added the route to the PIX
I can ping any client on the 10.7.1.0 network from the PIX console - which confirms that the RRAS server is working correctly
I cannot ping any of the clients on 10.7.1.0 from a machine on the 10.7.4.0 network.
My research suggests that you cannot get the PIX to route the traffic in this way, but I wanted a 'second opinion'

Can I solve the problem by putting another interface card in to the PIX and using that instead of the RRAS server?
0
Comment
Question by:MarkNethercott
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 150 total points
ID: 11940038
you are correct you cannot route on a PIX, if you need to route you need to put a router next to it.

I made the same mistake
http://www.experts-exchange.com/Networking/Q_20920906.html

Pete
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 150 total points
ID: 11940833
>I'd like to confirm that it's not possible to route in and out of a PIX on the same interface
Confirmed.

You can setup the RRAS server as the internal default for all users, and have it point to the PIX as its default gateway. Microsoft never sold a router, so I don't rely much on a server OS to do my routing.

>Can I solve the problem by putting another interface card in to the PIX and using that instead of the RRAS server?
Not suggested. Unlike a router, PIX interfaces have security levels and you will create yourself a rules nightmare trying to route between security levels.

Any old router with just one interface will work for you as a 'router on a stick'

0
 
LVL 1

Accepted Solution

by:
irjeffb earned 200 total points
ID: 11941735
You are correct in that you cannot get packets to go into a PIX and then back out the same interface.

However, you can put another NIC in the PIX to create a third connected network (your first internal, your public, and now your second internal).  You can then set up whatever security you want for it to pass traffic between the two internal networks.

The statement that a PIX cannot route is not truly accurate.  Technically, if you connect both internal networks to different interfaces and configure the security to allow it, the PIX will route between the two networks.
0
 
LVL 1

Expert Comment

by:irjeffb
ID: 11941758
One other note:

You will need to verify that your PIX license allows three interfaces.  The license will state the maximum number of interfaces.  I'm not positive that you can even get them with less than 3, but you should check anyway.  Ours is licenses for 8, although we only have 3.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11945426
ThanQ
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month7 days, 22 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question