Firewall Wizards: Re: Multiple world connections into PIX

Re: Multiple world connections into PIX

From: Dave <firewall_at_dsrtech.com>
Date: Mon, 02 Feb 2004 22:35:30 -0500

Lee,

Add a route back out "outside_1" for the source network entering. If the
PIX doesn't know the remote network to be out this interface, it will use
the default route (wrong way).

Good luck,
Dave

PIX515(config)# route ?
Usage: [no] route <if_name> <foreign_ip> <mask> <gateway> [<metric>]
PIX515(config)#

On Tue, 2004-01-27 at 17:50, DCSIM Subscriptions (IA) wrote:
> Greetings.
>
> I've run into an interesting problem on a PIX 515. Here's a makeshift
> diagram:
>
> Warning! ASCII art!
>
>   outside_1
> --------------|-----|  inside_1
>               |     |-------
>   outside_2   | PIX |
> --------------|     |-------
>   (Def. GW)   |-----|  inside_2
>
>
> LAN networks are NAT'd 10.x.
> "World" networks are real addresses.
>
> Effectively what I'm trying to do is make hosts on inside_1 use the
> outside_1 network and inside_2 hosts use outside_2. This would be
> considered policy routing on a Cisco router.
>
> So, when a connection is initiated from outside_1 to inside_1, it is built
> correctly, according to the log. However, when the return traffic is sent
> back through the PIX, it tries to go out the default gateway, which is
> outside_2, which does not have that connection established.
>
> I believe I have all the NAT rules and access lists correct, but the PIX
> keeps trying to use the same interface for outbound traffic.
>
> So far I have only tried to solve this in the PDM. I am hoping that there
> are some commands in the CLI that will solve my problem.
>
> Any ideas?
>
> - Lee
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Received on Feb 03 2004
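
The route lookup described in the reply above, as an added example that is not part of the original thread: a simplified longest-prefix-match model (no gateway or metric) that flags connections whose reply would leave on a different interface than the one they arrived on. The interface names come from the thread; every address and prefix is constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

def egress_interface(routes, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for iface, prefix in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (iface, net)
    return best[0] if best else None

def asymmetric_flows(routes, flows):
    """Return (source, ingress, egress) for flows whose reply leaves the wrong interface."""
    bad = []
    for ingress, src in flows:
        egress = egress_interface(routes, src)  # the reply is routed toward the source
        if egress != ingress:
            bad.append((src, ingress, egress))
    return bad

# Constructed routing table: the only route toward the "world" is the default on outside_2.
ROUTES_BEFORE = [
    ("outside_2", "0.0.0.0/0"),
    ("inside_1", "10.1.0.0/16"),
    ("inside_2", "10.2.0.0/16"),
]
# Same table plus a specific route for the source network reached via outside_1.
ROUTES_AFTER = ROUTES_BEFORE + [("outside_1", "198.51.100.0/24")]

# Constructed inbound connections: (interface the connection arrived on, source address).
FLOWS = [
    ("outside_1", "198.51.100.25"),
    ("outside_2", "203.0.113.7"),
]

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, asymmetric_flows(table, FLOWS))
```
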
