  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297

Connecting 2 PIXs on the same network segment

I have a Cisco ASA 5510 at 192.168.10.241. I have DMZ 192.168.200.0 on one of the VLANs and of course our default route to the internet. Recently we added a faster connection to the internet just for the IT department. I am aware that I cannot have two default routes on an ASA or PIX. What I wanted to do as a workaround is this. I have a PIX 515 that I set up as 192.168.10.253, and gave it a default route to the internet via our new connection, and I set a static route to our DMZ in the routing table. When I switch my PC to use the default route of .253 I can get to the internet, but cannot communicate with any device in the DMZ. To test where my problem lies I hooked up a ratty Linksys router in place of the PIX. I set a static route to the DMZ and it works perfectly. Am I missing something on the PIX? I have read a few posts that doing this is not legal for a PIX. I can't see why. Or at least I can't see why this cannot be overridden.
Asked by: jmanix

1 Solution

batry_boy commented:
>>I have read a few posts that doing this is not legal for a PIX.  I can't see why.

That is correct... you can't do this with a PIX because a PIX does not behave like a true router. It will not allow you to send traffic to it and then have it redirect that traffic back out the same interface that it entered the firewall from, which is essentially what you are wanting it to do with your setup. Other devices will do this, but the PIX has some immutable rules by which it must abide, and that's one of them... :(

CanalIns commented:
If you have the latest software on your PIX you can do this. Upgrade your IOS and look at these links. I went through this not too long ago.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml


http://www.tech21century.com/tag/same-security-traffic-permit-intra-interface/

Router_Monkey commented:
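Added example (written for this page; it is not any poster's configuration and not Cisco's sample from the linked notes): the part of a PIX 515 configuration that makes the setup in the question work, assuming PIX OS 7.0 or later (the intra-interface command does not exist in 6.x), Ethernet0/Ethernet1 as outside/inside, an assumed ISP gateway of 203.0.113.1 on an assumed 203.0.113.0/30 link, and an invented ACL name. The addresses 192.168.10.253, 192.168.10.241 and 192.168.200.0/24 are the ones from the question.

```cisco
! Added example for the PIX 515 at 192.168.10.253 (PIX OS 7.x+), not from the post.
! Interface names, the 203.0.113.x addresses and the ACL name are assumptions.
hostname pix-it
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.10.253 255.255.255.0
!
! Allow a packet that arrives on "inside" to be forwarded back out "inside".
! Without this line the PIX drops the DMZ-bound traffic the PC sends to .253,
! which is the behaviour batry_boy describes.
same-security-traffic permit intra-interface
!
! IT-only default route via the new ISP; the DMZ is still reached through the ASA.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 192.168.200.0 255.255.255.0 192.168.10.241 1
!
! PAT the hairpinned DMZ-bound flows to the PIX's own inside address. The DMZ then
! answers to .253 and the stateful PIX sees both halves of every TCP connection.
! Without this the ASA would deliver the replies straight to the PC (asymmetric
! path) and the PIX, having seen only the SYN, would not build a valid connection.
access-list HAIRPIN_DMZ extended permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0
nat (inside) 1 access-list HAIRPIN_DMZ
global (inside) 1 interface
!
! Ordinary outbound PAT for everything else, to the new Internet connection.
nat (inside) 2 192.168.10.0 255.255.255.0
global (outside) 2 interface
```

Two things to check after applying it: `show running-config same-security-traffic` must list the permit line, and `show route` must show the 192.168.200.0/24 route pointing at 192.168.10.241 on inside. If an `access-group ... in interface inside` is already applied, that ACL must also permit 192.168.10.0/24 to 192.168.200.0/24, since hairpinned traffic is still filtered by the inbound ACL. The PAT on the inside interface is a design choice rather than a requirement of the intra-interface command: it is what keeps the return path through the PIX, and it is also why the stateless Linksys "just worked" where the PIX did not. The cost is that DMZ hosts log every IT-department client as 192.168.10.253, so keep that in mind when correlating DMZ logs.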
Please add a network diagram. Your network design is not clear.

Ernie Beek commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.