route inside/outside question 1

[nick25]

Hello.

I have a question about the route inside and route outside commands.

I have a PIX515E with 2 interfaces, outside and inside. Outside goes to router and internet, and inside goes to a switch. As I understand it, I would use the route outside command like this:

route outside 0 0 192.168.30.2(ip address of outside router?)

Is that correct?

How about the route inside part? What address should I use, if needed at all?

I'm fairly new to this area of work and hopefully I didn't say anything silly...

Thank you for your help.

Nick

 

[lgarner]

That's correct. If your Pix doesn't know how to get to your internal networks, then you'd need a "route inside" command. It works the same way:

route inside <lan_net> <lan_mask> <next_hop>

 

[nick25]

Thanks

 

[nick25]

Just to confirm something about the route inside part.

The network is setup like this currently:

net1 -- Nokia firewall -- net2(DMZ with webserver etc) --- PIX --- router ->internet

I need to use route inside to let the PIX communicate with net1, correct? like this?

route inside 192.168.10.0 255.255.255.0 192.168.20.1

where the 192.168.10/24 network is net1 and 192.168.20.1 the ip of the nokia appliance's outside interface.

 

[lgarner]

Exactly. Pix route statements are really the same as for routers, with 2 exceptions:
- add the interface
- remote the "ip" (since Pix only does IP).

 

[nick25]

Thanks again.