[TriLUG] Another Routing Question

Nick trilug at dogstar1.com
Thu Jun 22 17:44:12 EDT 2006


Or, god forbid, a conduit!

Ryan Leathers wrote:
> Hey guys.  Sorry I am a little late with this thread.  I usually try to respond to routing / networking questions on this list since that's sorta my "thing".
>
> The PIX can route just fine.  The thing that is unique about a PIX compared to a "normal" layer 3 device is that it has some special rules about its interfaces.  The inside interface is the highest level security interface.  The outside interface is the lowest.  On a PIX with more than 2 interfaces the others all get assigned relative security levels in between.
>
> Traffic always gets to "ride for free" from a higher to a lower security interface.  However, in order for traffic to originate outside and pass from a lower to a higher security interface you need more than STATIC statements and a routing protocol (or static route statements).  You also require an ACL line to match traffic on the static in order for it to pass to the higher security interface.
>
>
> -----Original Message-----
> From: trilug-bounces at trilug.org on behalf of Rick DeNatale
> Sent: Thu 6/22/2006 1:29 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] Another Routing Question
>  
> On 6/22/06, Eric Gerney <gerney at att.com> wrote:
>   
>> Brain,
>>
>>     
>>> So this makes me think it's something about the PIX........
>>>
>>> Aside from PIX peculiarities, this should generally work, right?  Since
>>> it works on the SonicWall'ed subnet..
>>>       
>> Generally your configuration will work, however, the PIX is not _really_ a
>> router and it will _NOT_ route or redirect traffic back to the interface
>> it received a packet on.
>>     
>
> So you guys got me to googling.
>
> I don't know if it's relevant, but some might enjoy the "diagrams"
>
> http://www.routergod.com/deniserichards/
>
>
>   
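
Added example, not part of the original thread: a PIX 6.x-style fragment showing the static plus ACL pairing Ryan describes for outside-to-inside traffic, with an overly broad ACL line beside a scoped one, and the legacy conduit form Nick refers to. The addresses (documentation ranges) and the ACL name `outside_in` are constructed for illustration.

```cisco
: Constructed PIX 6.x-style fragment; addresses and the ACL name are made up.
: Interface security levels: inside is highest, outside is lowest.
nameif ethernet0 outside security0
nameif ethernet1 inside security100

: Translation that publishes inside host 192.168.1.10 as 203.0.113.10.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

: Too broad: opens every protocol and port to the published host.
: access-list outside_in permit ip any host 203.0.113.10

: Scoped: only the service that is meant to be reachable from outside.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: Legacy equivalent of the two lines above (the "conduit" form);
: avoid mixing conduit with access-list/access-group on the same firewall.
: conduit permit tcp host 203.0.113.10 eq www any
```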



