TANGLAD
asked on
Need to do static routing in Pix 501 - How to do?
I'm a beginner in Pix 501. Don't know how to set up routing.
Can anyone tell me how to do it in PDM?
What routing do you want to do? A 501 will be version 6 at best so its routing capability is very limited.
ASKER
Our default gateway for the PCs is our firewall and Internet connection 192.168.22.254 (that is the LAN address of our firewall).
We have an MPLS for connecting our office to our HQ. That MPLS router is connected to our LAN on address 192.168.22.78
So we need to do some routing in the Pix 510 for some specific nets/hosts on our HQ
HQ has asked me to do this routing in our firewall:
ip route xxx.xxx.xxx.0 255.255.255.0 192.168.22.78
How to do this in Pix PDM (the xxx.xxx.xxx.0 is because I don't want to tell the real network ip)
ok so 192.168.22.254 is the inside of the PIX
HQ Link is inside and it's 192.168.22.78
>>How to do this in Pix PDM (the xxx.xxx.xxx.0 is because I don't want to tell the real network ip)
I understand your need for security but - this network should be a private IP address range not a public one?
Does HQ get its internet connection through you? what needs routing back to them?
ASKER
No HQ does not get Internet connection through us.
They have set up the new MPLS on 192.168.22.78 so we can run applications on their servers. When the routing is ok, we can do DNS and trusts and so on, but first we need the routing, and that is what I need your help for.
ASKER
In other words:
When a PC needs to contact the application server in HQ at address 193.210.88.50 our default gateway (the Pix 510 at 192.168.22.254) should route the traffic to 192.168.22.78 (the MPLS router)
That's it - how to do that in Pix PDM (if possible at all)
ASKER
Do you agree that another option, creating persistent routes on the PCs, will work for this setup?
ASKER
In Pix PDM on System Properties/Routing/Static Routing I can set up routing entries? Will that not work?
>>Do you agree that another option, creating persistent routes on the PCs, will work for this setup?
Yes, though that's a bit of a mess about, and you will need to remember to add it to the new machines as you buy them, or farm it out by login script
route add xxx.xxx.xxx.0 mask 255.255.255.0 192.168.22.78 -p
>> In Pix PDM on System Properties/Routing/Static Routing I can set up routing entries? Will that not work?
No, the PIX will not intelligently route traffic. You can add default routes per interface and assign metrics to those routes - or the firewall will very loosely support RIP routing, but it won't make routing decisions for you.
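The "farm it out by login script" suggestion above, as an added example that is not part of the original thread: a PowerShell script that adds the persistent route only when it is missing and replaces a stale entry pointing at a different next hop. The destination 198.51.100.0 is a placeholder for the masked HQ network, and the script assumes it runs elevated (for example as a computer startup script), since changing routes needs administrator rights.

```powershell
# Added example (not from the thread): idempotent persistent route for the HQ link.
$Destination = '198.51.100.0'   # PLACEHOLDER: the thread masks the real HQ network
$Mask        = '255.255.255.0'  # mask from the thread
$Gateway     = '192.168.22.78'  # MPLS router on the LAN, from the thread

# Changing the routing table requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Not elevated: cannot modify the routing table.'
    exit 1
}

# Persistent IPv4 routes are stored as registry value names "dest,mask,gateway,metric".
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes'
function Get-PersistentRouteNames {
    if (Test-Path $key) { return @((Get-Item $key).GetValueNames()) }
    return @()
}

$wanted   = "$Destination,$Mask,$Gateway,"
$sameDest = @(Get-PersistentRouteNames | Where-Object { $_.StartsWith("$Destination,$Mask,") })
$correct  = @($sameDest | Where-Object { $_.StartsWith($wanted) })
$stale    = @($sameDest | Where-Object { -not $_.StartsWith($wanted) })

if ($correct.Count -gt 0 -and $stale.Count -eq 0) {
    Write-Output "Route to $Destination via $Gateway is already persistent; nothing to do."
    exit 0
}

if ($stale.Count -gt 0) {
    # A leftover entry for this network points at another next hop: remove it first
    # so HQ traffic cannot follow an outdated path.
    Write-Warning "Replacing stale route(s): $($stale -join '; ')"
    & route.exe delete $Destination mask $Mask | Out-Null
}

& route.exe -p add $Destination mask $Mask $Gateway | Out-Null

# Verify against the registry rather than trusting the command's output.
if (@(Get-PersistentRouteNames | Where-Object { $_.StartsWith($wanted) }).Count -eq 0) {
    Write-Error "Persistent route to $Destination via $Gateway was not stored."
    exit 1
}
Write-Output "Added persistent route $Destination mask $Mask via $Gateway."
```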
ASKER
Tested and you are absolutely right. Of course.
We changed the default gateway in the DHCP scope so the gateway is now the router for the HQ link 192.168.22.78 and now it works, and Internet access works too.
So we don't need the Pix 501 routing anyway.
Thanks so much.
No Probs glad you got there :)