Firewall Wizards mailing list archives
RE: Multiple world connections into PIX
From: "DCSIM Subscriptions (IA)" <DCSIMSUBS () ia ngb army mil>
Date: Fri, 6 Feb 2004 11:31:49 -0600
And therein lies the problem: routes are global. The capability for multiple routes is there for redundancy only, it seems.

I was thinking that once the session is built the PIX would be smart enough to use the same interface for return traffic. So far I've been disappointed. I guess IOS firewall would be a better choice for this situation, but the investment has already been made.

- Lee

-----Original Message-----
From: Strydom, Willie [mailto:WStrydom () fnb co za]
Sent: Monday, February 02, 2004 00:12
To: 'DCSIM Subscriptions (IA)'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Multiple world connections into PIX

You'll have to play with routing. I have seen a similar setup before, add routes to outside_1 and outside_2 for the hosts that you wanna send there.

-----Original Message-----
From: DCSIM Subscriptions (IA) [mailto:DCSIMSUBS () ia ngb army mil]
Sent: 28 January 2004 12:51
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Multiple world connections into PIX

Greetings.

I've run into an interesting problem on a PIX 515. Here's a makeshift diagram:

Warning! ASCII art!

    outside_1
    --------------|-----| inside_1
                  |     |-------
    outside_2     | PIX |
    --------------|     |-------
    (Def. GW)     |-----| inside_2

LAN networks are NAT'd 10.x. "World" networks are real addresses.

Effectively what I'm trying to do is make hosts on inside_1 use the outside_1 network and inside_2 hosts use outside_2. This would be considered policy routing on a Cisco router.

So, when a connection is initiated from outside_1 to inside_1, it is built correctly, according to the log. However, when the return traffic is sent back through the PIX, it tries to go out the default gateway, which is outside_2, which does not have that connection established.

I believe I have all the NAT rules and access lists correct, but the PIX keeps trying to use the same interface for outbound traffic. So far I have only tried to solve this in the PDM. I am hoping that there are some commands in the CLI that will solve my problem.

Any ideas?

- Lee

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
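The behaviour discussed in this thread, as an added example that is not part of the original messages and is not PIX code: a toy model of a stateful firewall with one global, destination-only route table, showing why the reply leaves by the default-gateway interface and what a per-host static route changes. The class, the function names and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

class ToyFirewall:
    """Hypothetical model: global route table plus a per-interface connection table."""

    def __init__(self):
        self.routes = []   # (network, egress interface); shared by every inside network
        self.conns = {}    # (inside_host, outside_host) -> interface the session was built on

    def add_route(self, prefix, iface):
        self.routes.append((ipaddress.ip_network(prefix), iface))

    def lookup(self, dst):
        """Longest-prefix match on destination only; the source network is never consulted."""
        addr = ipaddress.ip_address(dst)
        hits = [(net.prefixlen, iface) for net, iface in self.routes if addr in net]
        return max(hits)[1] if hits else None

    def build_inbound(self, iface, outside_host, inside_host):
        """Record a session initiated from the outside on a given interface."""
        self.conns[(inside_host, outside_host)] = iface

    def send_reply(self, inside_host, outside_host):
        """Return (egress interface, True if that interface holds the session)."""
        egress = self.lookup(outside_host)
        return egress, egress == self.conns.get((inside_host, outside_host))

def scenario(host_route=False):
    """Constructed case: client 203.0.113.7 reaches 10.1.0.10 (inside_1) via outside_1."""
    fw = ToyFirewall()
    fw.add_route("0.0.0.0/0", "outside_2")            # default gateway is on outside_2
    if host_route:
        fw.add_route("203.0.113.7/32", "outside_1")   # static route for the known peer
    fw.build_inbound("outside_1", "203.0.113.7", "10.1.0.10")
    reply = fw.send_reply("10.1.0.10", "203.0.113.7")
    # Egress chosen for the same destination when the sender is an inside_2 host:
    from_inside_2 = fw.lookup("203.0.113.7")
    return reply, from_inside_2

if __name__ == "__main__":
    print("default route only:", scenario())
    print("with host route:   ", scenario(host_route=True))
```

The second result also shows the limitation raised in the reply above: because the table is global, the host route moves inside_2 traffic to that peer onto outside_1 as well, and it only helps for peers whose addresses are known in advance.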