PIX - redirecting on the inside interface

Discussion in 'Cisco' started by Lasse, Sep 13, 2006.

  1. Lasse

    Lasse Guest

    I'm trying to set up a static route to a network on the inside interface
    of a PIX firewall. The thought is that instead of spreading a static
    route to all the users on the network, they should use their default
    route to the PIX, and there be redirected to another machine on the
    inside network. Now, I have set up the route properly as far as I can
    see, and the following shows up when doing a sh route (I have deleted
    the CONNECT lines and changed/omitted some IP addresses):
    outside 0.0.0.0 0.0.0.0 <outside gateway> 1 OTHER static
    inside 10.11.12.0 255.255.255.0 192.168.0.1 1 OTHER static

    (10.11.12.0 is the network I want to reach through the 192.168.0.1 on
    the inside network)

    When trying to access a webpage on the 10.11.12.x-network from a
    machine on the inside network (192.168.0.x), the connection is reset by
    the PIX.

    Does the PIX not allow redirection of traffic on the inside interface?

    Any other suggestions on what to try?

    Thanks,
    Lasse
    Lasse, Sep 13, 2006
    #1

  2. * Lasse wrote:
    > Does the PIX not allow redirection of traffic on the inside interface?


    No. The PIX is not a router.
    (It is possible starting with PixOs 7.x to redirect traffic between VPN
    peers on the same interface, but I have not tried this to allow routing on a
    stick. I doubt it will work, because the internal PIX logic needs two
    interfaces to pass traffic.)
    Lutz Donnerhacke, Sep 13, 2006
    #2

  3. swapnendu

    Nope, that's not possible on PIX unless it's IPSec-protected traffic, i.e. the VPN traffic. PIX doesn't allow redirection on the same interface due to security reasons.
    swapnendu, Sep 13, 2006
    #3
  4. Lasse

    Lasse Guest

    Lutz Donnerhacke wrote:
    > * Lasse wrote:
    > > Does the PIX not allow redirection of traffic on the inside interface?
    >
    > No. The PIX is not a router.
    > (It is possible starting with PixOs 7.x to redirect traffic between VPN
    > peers on the same interface, but I have not tried this to allow routing on a
    > stick. I doubt it will work, because the internal PIX logic needs two
    > interfaces to pass traffic.)

    Thanks! Then I know we'll have to look for another solution. :)
    Lasse, Sep 14, 2006
    #4
  5. swapnendu

    Adding some further gyaan onto this: PIX 7 allows redirection on the same interface, and it's not just for IPSec traffic but for all traffic.

    same-security-traffic permit {inter-interface | intra-interface}

    The intra-interface keyword now allows all traffic to enter and exit the
    same interface, and not just IPSec traffic.

    I was incorrect in saying that only IPSec traffic is permitted for redirection earlier.
    swapnendu, Sep 16, 2006
    #5
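
The following check is an added example, not part of any post in this thread: it scans a PIX configuration for static routes that would send traffic from hosts on an interface back out that same interface (the situation in the first post) and reports whether `same-security-traffic permit intra-interface` is present. It assumes routes appear as `route <if> <net> <mask> <gateway>` lines and that clients on the interface use the PIX as their default gateway; the function name and sample configs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config, not taken from the thread's device. The inside
# route mirrors the one in the first post; 203.0.113.1 is a placeholder.
CONFIG_WITHOUT = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.11.12.0 255.255.255.0 192.168.0.1 1
same-security-traffic permit inter-interface
"""
CONFIG_WITH = CONFIG_WITHOUT + "same-security-traffic permit intra-interface\n"

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROUTE_RE = re.compile(rf"^route\s+(\S+)\s+{IP}\s+{IP}\s+{IP}", re.M)
# Anchored at line start so a "no same-security-traffic ..." line does not count.
INTRA_RE = re.compile(r"^same-security-traffic\s+permit\s+intra-interface\s*$", re.M)


def hairpin_routes(config, client_if="inside"):
    """List static routes that send traffic from hosts on client_if back out
    client_if, with whether the config permits that (intra-interface)."""
    permitted = bool(INTRA_RE.search(config))
    findings = []
    for ifname, net, mask, gateway in ROUTE_RE.findall(config):
        if ifname != client_if:
            continue  # leaves through a different interface: no hairpin
        dest = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        findings.append({"dest": str(dest), "gateway": gateway,
                         "permitted": permitted})
    return findings


if __name__ == "__main__":
    for label, cfg in (("without", CONFIG_WITHOUT), ("with", CONFIG_WITH)):
        for f in hairpin_routes(cfg):
            state = "permitted" if f["permitted"] else "not permitted"
            print(f"{label} intra-interface: {f['dest']} via {f['gateway']} -> {state}")
```

Note that the `inter-interface` keyword in the sample config does not satisfy the check; only `intra-interface` covers traffic entering and leaving the same interface.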