Connecting 2 pixs on the same network segment

Posted on 2008-11-10
Last Modified: 2012-05-05
I have a Cisco ASA 5510 at  I have DMZ on one of the VLANs and of course our default route to the internet.  Recently we added a faster connection to the internet just for the IT department.  I am aware that I cannot have 2 default routes on an ASA or PIX.  What I wanted to do as a workaround is this.  I have a PIX 515 that I set up as, and gave it a default route to the internet via our new connection and I set a static route to our DMZ in the routing table.  When I switch my PC to use the default route of 253 I can get to the internet, but cannot communicate with any device in the DMZ.  To test where my problem lies I hooked up a ratty Linksys router in place of the PIX.  I set a static route to the DMZ and it works perfectly.  Am I missing something on the PIX?  I have read a few posts that doing this is not legal for a PIX.  I can't see why.  Or at least I can't see why this cannot be overridden.
Question by:jmanix

    Expert Comment

    >>I have read a few posts that doing this is not legal for a PIX.  I can't see why.

    That is, you can't do this with a PIX because a PIX does not behave like a true router.  It will not allow you to send traffic to it and then have it redirect that traffic back out the same interface that it entered the firewall from, which is essentially what you are wanting it to do with your setup.  Other devices will do this, but the PIX has some immutable rules by which it must abide, and that's one of them....:(

    Accepted Solution

    If you have the latest software on your PIX you can do this. Upgrade your IOS and look at these links. I went through this not too long ago.

    Expert Comment

    Please add a network diagram. Your network design is not clear.

    Expert Comment

    by:Ernie Beek
    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
