On 5 Jun 2001, at 15:28, Rod Cappon wrote:
> The answer is yes but it depends.
>
> If the traffic on to C1 originates on the C subnet
> or a known subnet that you have entered static routes for
> then all is well
>
> If the traffic originates from an unknown subnet and you are depending then
> on the default gateway.
> The outbound traffic will go out the B subnet assuming it has been
> set up as the default gateway.
>
> I checked and Cisco Docs for Version 6.0 states on page 2-21 "You
> can have only one default route for the PIX Firewall"

... and there's NOTHING WRONG WITH THAT. Unless an ISP is having a
(temporary) peering problem, traffic *from* C1 that gets routed
outbound via subnet B will eventually find its way to where it's
supposed to go.

(Exception: You, or the ISP that supplies subnet B, *might* have
anti-spoofing rules in place that block all other origin addresses.
But that won't happen by itself.)

The outbound routing tends to throw some people, but it's actually
a non-issue. It's the *inbound* mapping that I don't know whether
the PIX can do.

David Gillett