The pix will not send traffic back out the same interface it received it
on; it is considered a security issue. I ran into the same problem a year
ago.

A solution would be to place a router in the DMZ, and have all hosts point
to that. Anything not staying in the DMZ would then be routed to the PIX,
which would happily send it out to the 'net.

On Thu, 15 Nov 2001, Scott Pendergast wrote:

> > Greetings!
> >
> > I have a case where I want the PIX to forward traffic destined for a
> > particular network to a router interface on the same dmz the PIX receives
> > this traffic on.  ie, the dmz interface for the PIX is the default gateway
> > for all hosts on that dmz.  Most traffic goes on to the PIX's default
> > route (the 'net), some goes through the PIX back to the inside hosts on
> > which it was initiated (administrative traffic for instance), and some
> > needs to go to a subnet that has vpn access to that dmz.
> >
> > After defining the static route in question, I can ping the destination
> > from the PIX, but not from a host on the dmz subnet where I need it to
> > work from.
> >
> > Since the router interface through which the target network is reachable
> > is local to the dmz subnet in question, as a (hopefully temporary) work
> > around I've added static routes for the destination on each host (yuk!)
> >
> > ex:  dmz-xx 10.x.x.0/23 10.x.x.1 1 CONNECT static (the .1 address is the
> > PIX interface itself)
> >        dmz-xx 10.x.y.0/23 10.x.x.z 1 OTHER static (the .z address is a
> > router interface on the 10.x.x.0 through which 10.x.y.0 can be reached...)
> >
> > Any reason I shouldn't expect this to work?
> >
> > thanks!
> >
> > Scott

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
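As an added illustration, not part of the thread, here is a small Python model of the rule the reply describes: a flow whose ingress and egress interfaces are the same is not forwarded. The interfaces, subnets and the VPN-subnet route are constructed placeholders standing in for the masked 10.x.x.x addresses in the original post, and audit_routes() shows which static routes are unusable from hosts on the next hop's own segment.

```python
import ipaddress

# Constructed topology: a firewall with three interfaces (placeholder addresses).
INTERFACES = {
    "outside": ipaddress.ip_network("203.0.113.0/24"),
    "inside": ipaddress.ip_network("192.168.10.0/24"),
    "dmz": ipaddress.ip_network("10.1.0.0/23"),
}

# Static routes as (destination, next hop). The second one is the case from the
# thread: a VPN-reachable subnet whose next hop is a router sitting on the dmz.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("203.0.113.1")),
    (ipaddress.ip_network("10.1.2.0/23"), ipaddress.ip_address("10.1.0.5")),
]


def interface_for(addr):
    """Return the name of the interface whose subnet contains addr, or None."""
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None


def egress_interface(dst):
    """Longest-prefix match over connected subnets and static routes."""
    best = None  # (prefix length, interface name)
    for name, net in INTERFACES.items():
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, name)
    for net, nexthop in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, interface_for(nexthop))
    return best[1] if best else None


def would_hairpin(src, dst):
    """True when the flow would enter and leave on the same interface,
    which is exactly the traffic the reply says the firewall refuses."""
    ingress = interface_for(ipaddress.ip_address(src))
    egress = egress_interface(ipaddress.ip_address(dst))
    return ingress is not None and ingress == egress


def audit_routes():
    """Map each non-default static route to the interface its next hop lives on;
    hosts on that interface cannot use the route through the firewall."""
    return {str(net): interface_for(nexthop)
            for net, nexthop in ROUTES if net.prefixlen > 0}
```

A host on the dmz reaching the VPN subnet is flagged, while an inside host reaching the same subnet is not, which matches the symptom in the thread (the firewall itself can ping the destination, dmz hosts cannot).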
