Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how is all incoming traffic forwarded to the PIX?

  • Thread starter Thread starter -
  • Start date Start date
Status
Not open for further replies.

Guest
I have an internet facing router running BGP for external routes, connected to a switch, connected to a PIX. BGP is advertising the route to x.y.z.0/24.

Assume the internal interface on the router is x.y.z.10/24 and it is connected to the same subnet as the PIX at x.y.z.15/24. The only static route on the router is x.y.z.0/24 Null0 (directly connected).

Incoming traffic is going to the firewall at .15; what in the configuration is directing the traffic here? I've worked with some Checkpoints in the past, and would typically have some kind of route that directed all incoming traffic to the IP address of the firewall. But I don't see how trafic gets forwarded to the PIX at .15 in this case. Also, I'm not familar with the Null0 interface.

Thanks.
 
Sort by date Sort by votes
Null0 is the pit bucket for traffic bound to destination not found in the routing table.
 
Upvote 0 Downvote
Since the firewall and router are on the same subnet, no route is needed. The router sees the x.y.z.0/24 as a "connected" network.

If you were using public internet addresses on your internal network, AND you were using "nat 0" so the world sees your internal network addresses, then your router would need a route to that network via the Pix. Otherwise, the Pix handles NAT, and is presenting your internal addresses to the world as x.y.z addresses, so that's all your router needs to know.
 
Upvote 0 Downvote
Your /24 range is advertised by your router so any traffic for this range will hit your router, yes? So, if the traffic for the firewall is hitting the router first, the router knows where to send this traffic as it has this IP range in its routing table as a directly connected network.

As Jamin123 said, Null0 is not for directly connected routes. If you have a directly connected network then it will appear in the routing table with a distance of 0. A static route would be 1.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
417
badwolf1686
B
Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
810
madwok
madwok
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
575
CPM86
CPM86
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
925
BIS
BIS
woza
  • Locked
  • Question Question
GNS3: Delete the lines "transport preferred none"
Replies
1
Views
765
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top