I've just found this forum, it's cool.
So I am facing a problem.
I have my network, we use a pix to protect our Internet access, and another router to provide site to site vpn.
My problem is: I need to have the PIX as default gateway for the inside network, and the pix must reroute some internal packets (destination 172.16.0.0) to the router for vpn connectivity.
I have read that pix does not provide icmp redirect, and so does not reroute packet to the router. So how can I bypass this?
If it is a 506e or larger, I would set up an interface on the pix that connects to the corporate router. The pix does act, in some ways, as a router but it has 2 major limitations: it will not redirect traffic and it will not allow traffic to leave an interface that it entered on (sometimes referred to as 'hairpinning').
If you don't have enough physical interfaces, you may have to use vlans. The 506e allows for vlans with the latest release of PixOS (up to 4 total interfaces which allows 2 physical interfaces and 2 vlans). The 515e's and up have always allowed vlans unless you are running a really old version of PixOS.
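
A sketch of the layout suggested in the reply above, added here as an example and not posted by either participant: the VPN router sits on its own PIX interface (a VLAN on the inside port), so traffic for 172.16.0.0 enters on one interface and leaves on another. The interface names, VLAN ids, every address except 172.16.0.0, the /16 mask and the permitted host and port are assumptions, written in PIX OS 6.3-style syntax.

```cisco
: Constructed example. Assumed addressing:
:   inside LAN            192.168.1.0/24  (PIX = 192.168.1.1, default gateway)
:   transit to VPN router 192.168.2.0/24  (PIX = 192.168.2.1, router = 192.168.2.2)
:   remote site           172.16.0.0/16   (mask assumed, the thread gives none)

: VLAN 10 is assigned to the physical inside port, VLAN 20 is added as a
: logical interface on the same port. With a spare physical port, skip the
: two vlan lines and use nameif/ip address on that port instead.
interface ethernet1 100full
interface ethernet1 vlan10 physical
interface ethernet1 vlan20 logical
nameif ethernet1 inside security100
nameif vlan20 vpnrtr security90
ip address inside 192.168.1.1 255.255.255.0
ip address vpnrtr 192.168.2.1 255.255.255.0

: Traffic for the remote site now leaves on a different interface than it
: arrived on, so no redirect or hairpin is needed.
route vpnrtr 172.16.0.0 255.255.0.0 192.168.2.2 1

: Do not translate addresses between the two private ranges.
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list nonat

: Sessions opened from the remote site arrive on the lower-security
: interface and are dropped unless explicitly permitted. Allow only the
: services that are required (host and port here are placeholders).
access-list vpnrtr_in permit tcp 172.16.0.0 255.255.0.0 host 192.168.1.10 eq 443
access-group vpnrtr_in in interface vpnrtr
```

The switch port facing ethernet1 has to be an 802.1Q trunk carrying both VLANs, and the VPN router needs a route back to the inside network via 192.168.2.1.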