[TriLUG] Another Routing Question
Ryan.Leathers at globalknowledge.com
Thu Jun 22 15:19:13 EDT 2006
Hey guys. Sorry I am a little late with this thread. I usually try to respond to routing / networking questions on this list since that's sorta my "thing".
The PIX can route just fine. The thing that is unique about a PIX compared to a "normal" layer 3 device is that it has some special rules about its interfaces. The inside interface is the highest level security interface. The outside interface is the lowest. On a PIX with more than 2 interfaces the others all get assigned relative security levels in between.
Traffic always gets to "ride for free" from a higher to a lower security interface. However, in order for traffic to originate outside and pass from a lower to a higher security interface you need more than STATIC statements and a routing protocol (or static route statements). You also require an ACL line to match traffic on the static in order for it to pass to the higher security interface.
From: trilug-bounces at trilug.org on behalf of Rick DeNatale
Sent: Thu 6/22/2006 1:29 PM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] Another Routing Question
On 6/22/06, Eric Gerney <gerney at att.com> wrote:
> >So this makes me think it's something about the PIX........
> >Aside from PIX peculiarities, this should generally work, right? Since
> >it works on the SonicWall'ed subnet..
> Generally your configuration will work, however, the PIX is not _really_ a
> router and it will _NOT_ route or redirect traffic back to the interface
> it received a packet on.
So you guys got me to googling.
I don't know if it's relevant, but some might enjoy the "diagrams"
IPMS/USA Region 12 Coordinator
Visit the Project Mercury Wiki Site
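The interface rules discussed in this thread, as an added example that is not part of either message and is not Cisco code: a toy decision model in which higher-to-lower traffic passes, lower-to-higher traffic needs both a static and a matching ACL line, and nothing is sent back out the interface it arrived on. The names PixModel and decide, the security levels and the addresses are assumptions made for illustration; equal security levels, which the thread does not cover, fall through to the strict path here.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class PixModel:
    """Toy model of the interface rules described in the thread (hypothetical)."""
    levels: dict                                  # interface name -> security level
    statics: list = field(default_factory=list)   # (high_if, low_if, mapped_ip)
    acls: dict = field(default_factory=dict)      # ingress_if -> [(proto, dst_ip, port)]

    def decide(self, in_if, out_if, proto, dst_ip, port):
        """Return (allowed, reason) for a new connection arriving on in_if."""
        if in_if == out_if:
            return False, "not routed back out the interface it arrived on"
        if self.levels[in_if] > self.levels[out_if]:
            return True, "higher to lower security level"
        # Lower to higher: a static alone is not enough, an ACL line must match too.
        dst = ip_address(dst_ip)
        has_static = any(hi == out_if and lo == in_if and ip_address(ip) == dst
                         for hi, lo, ip in self.statics)
        if not has_static:
            return False, "no static for destination"
        has_acl = any(p == proto and ip_address(ip) == dst and prt == port
                      for p, ip, prt in self.acls.get(in_if, []))
        if not has_acl:
            return False, "static present but no matching ACL line"
        return True, "static and ACL line both match"


def sample_firewall():
    # Constructed sample: three interfaces, one published inside host (TCP/80 only).
    return PixModel(
        levels={"outside": 0, "dmz": 50, "inside": 100},
        statics=[("inside", "outside", "203.0.113.10")],
        acls={"outside": [("tcp", "203.0.113.10", 80)]},
    )


if __name__ == "__main__":
    fw = sample_firewall()
    for flow in [("inside", "outside", "tcp", "198.51.100.7", 443),
                 ("outside", "inside", "tcp", "203.0.113.10", 80),
                 ("outside", "inside", "tcp", "203.0.113.10", 22),
                 ("inside", "inside", "tcp", "192.168.2.5", 80)]:
        print(flow, "->", fw.decide(*flow))
```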