Re: Multiple world connections into PIX

[Dave <firewall () dsrtech com>]

Lee,

Add a route back out "outside_1" for the source network entering. If the
PIX doesn't know the remote network to be out this interface it will use
the default route. (wrong way)

Good luck,
Dave

PIX515(config)# route ?
Usage:  [no] route <if_name> <foreign_ip> <mask> <gateway> [<metric>]
PIX515(config)#







On Tue, 2004-01-27 at 17:50, DCSIM Subscriptions (IA) wrote:
> Greetings.
>
> I've run into an interesting problem on a PIX 515.  Here's a makeshift
> diagram:
>
> Warning! ASCII art!
>
> outside_1              
> --------------|-----|  inside_1       
>               |     |------- 
> outside_2     | PIX |        
> --------------|     |------- 
> (Def. GW)     |-----|  inside_2     
>
>
> LAN networks are NAT'd 10.x.
> "World" networks are real addresses.
>
> Effectively what I'm trying to do is make hosts on inside_1 use the
> outside_1 network and inside_2 hosts use outside_2.  This would be
> considered policy routing on a Cisco router.
>
> So, when a connection is initiated from outside_1 to inside_1, it is built
> correctly, according to the log.  However, when the return traffic is sent
> back through the PIX, it tries to go out the default gateway, which is
> outside_2, which does not have that connection established.
>
> I believe I have all the NAT rules and access lists correct, but the PIX
> keeps trying to use the same interface for outbound traffic.
>
> So far I have only tried to solve this in the PDM.  I am hoping that there
> are some commands in the CLI that will solve my problem.
>
> Any ideas?
>
> - Lee
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards