Connecting 2 pixs on the same network segment
I have a Cisco ASA 5510 at 192.168.10.241. I have DMZ 192.168.200.0 on one of the VLANS and of course our default route to the internet. Recently we added a faster connection to the internet just for the IT department. I am aware that I can not have 2 Default routes on an ASA or Pix. What I wanted to do as a work around is this. I have a Pix 515 that I set up as 192.168.10.253, and gave it a default route to the internet vis our new connection and I set a static route to our DMZ in the routing table. When I switch my PC to use the default route of 253 I can get to the internet, but can not communicate with any device in the DMZ. To test where my problem lies I hooked up a ratty Linksys Router in place of the PIX. I set a static route to the DMZ and it works perfect. Am I missing something on the PIX? I have read a few posts that doing this is not legal for a PIX. I can't see why. Or at least I can't see why this can not be overridden.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please add a network diagram. Your network design is not clear.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
That is correct...you can't do this with a PIX because a PIX does not behave like a true router. It will not allow you to send traffic to it and then have it redirect that traffic back out the same interface that it entered the firewall from, which is essentially what you are wanting it to do with your setup. Other devices will do this, but the PIX has some immutable rules by which it must abide, and that's one of them....:(