The PIX firewall supports only two methods of routing: static and passive RIP. Static routing is the process of manually configuring a route, whereas passive RIP is the process of dynamically learning routes via the Routing Information Protocol (RIP) from other RIP-enabled routers. The PIX firewall does not share its routing information with other routers; it only passively listens to RIP advertisements.

After you assign an IP address to an interface, the PIX firewall creates a directly connected entry in the routing table. But any routes not directly connected need to be configured. Listing 8.5 uses the show route command to display the directly connected routes shown in Figure 8.5.

Listing 8.5 Connected Routes
 pixfirewall(config)# show route
         outside 1 CONNECT static
         inside 1 CONNECT static
 pixfirewall(config)#

Figure 8.5. PIX network.


Static Routes

Manually configuring static routes enables the PIX firewall to direct traffic out the appropriate interface and off to the next hop. The route command is used to create a manual static route; its command syntax is shown here:

 pixfirewall(config)# [no] route <if_name> <foreign_ip> <mask> <gateway> [<metric>]

Table 8.8 displays the command options for the route command.

Table 8.8. route Command Options




if_name

This is the interface name where the route exists.

foreign_ip

This is the network address to be routed. Use for the default route.

mask

This specifies a mask to use with the foreign_ip option.

gateway

This is the next hop IP address to get to the network defined in the foreign_ip option.

metric

This specifies the hops to the network.

In Listing 8.6, two static routes are created. The first is a default route to the Internet, and the second is a static route to the network.

Listing 8.6 Static Routes
 pixfirewall(config)# clear route
 pixfirewall(config)# route outside
 pixfirewall(config)# route inside
 pixfirewall(config)# show route
         outside 1 OTHER static
         inside 1 OTHER static
         outside 1 CONNECT static
         inside 1 CONNECT static
 pixfirewall(config)#

In Listing 8.6, the first line clears all the existing routes, and the second line displays the route command needed to configure a static default route to the Internet according to Figure 8.5. The third line configures a static route to the network going through the gateway of

The Routing Information Protocol

The PIX firewall can learn routes dynamically using the routing protocols RIP v1 or RIP v2. The routing protocol RIP advertises the routes a device knows to other RIP-enabled devices. Although the PIX supports RIP, it listens to RIP advertisements only in a passive configuration. This enables the PIX to learn routes for other devices without advertising them to others. The exception to this is that the PIX can advertise a default route to another device, but it won't advertise any learned routes. The following is the rip command's syntax:

 pixfirewall(config)# [no] rip <if_name> default|passive [version <1|2>] [authentication <text|md5> <key> <key id>]

Table 8.9 displays the rip command's options.

Table 8.9. rip Command Options




if_name

This is the interface name to perform RIP.

default

This broadcasts the default route on the interface.

passive

This enables passive RIP, which allows the PIX to learn RIP routes.

version 1|2

This enables version 1 or 2 RIP.

authentication

This works with RIP v2 to provide secure routing updates.

Here is an example of using the rip command:

 pixfirewall(config)# rip inside passive version 1 
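
What the version and authentication options mean on the wire, as an added example that is not from the book: a Python parser that reports which authentication mode a RIP message carries, so a version 1 update (which has no authentication field) can be told apart from a version 2 update with MD5. The sample messages and the names parse_rip and meets_policy are constructed for illustration, and the sketch classifies the mode only; it does not verify the MD5 digest.

```python
import socket
import struct

AUTH_AFI = 0xFFFF                   # address family that marks an authentication entry
AUTH_TYPES = {2: "text", 3: "md5"}  # RIP v2 auth types: cleartext password, keyed MD5

def parse_rip(packet: bytes) -> dict:
    """Return the version, authentication mode and routes of one RIP message."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    version = packet[1]
    info = {"version": version, "auth": "none", "routes": []}
    for off in range(4, len(packet), 20):
        afi, tag = struct.unpack_from("!HH", packet, off)
        if afi == AUTH_AFI:
            # Authentication exists only in v2, as the first entry; the tag
            # field carries the type. A later 0xFFFF entry is the MD5 trailer.
            if version == 2 and off == 4:
                info["auth"] = AUTH_TYPES.get(tag, "unknown")
            continue
        ip, mask, _nexthop, metric = struct.unpack_from("!4s4s4sI", packet, off + 4)
        info["routes"].append((socket.inet_ntoa(ip), socket.inet_ntoa(mask), metric))
    return info

def meets_policy(packet: bytes, required_auth: str = "md5") -> bool:
    """True only if the update carries the authentication mode the listener expects."""
    return parse_rip(packet)["auth"] == required_auth

# --- constructed sample messages (not captured traffic) ---
def _entry(afi: int, tag: int, body: bytes = b"") -> bytes:
    return struct.pack("!HH", afi, tag) + body.ljust(16, b"\0")

def _route(ip: str, mask: str, metric: int) -> bytes:
    body = socket.inet_aton(ip) + socket.inet_aton(mask) + bytes(4) + struct.pack("!I", metric)
    return _entry(2, 0, body)

V1_UPDATE = bytes([2, 1, 0, 0]) + _route("192.0.2.0", "0.0.0.0", 1)
V2_MD5 = (bytes([2, 2, 0, 0]) + _entry(AUTH_AFI, 3)      # auth fields zeroed
          + _route("192.0.2.0", "255.255.255.0", 1)
          + _entry(AUTH_AFI, 1))                          # trailer, digest zeroed

if __name__ == "__main__":
    for name, pkt in (("v1", V1_UPDATE), ("v2+md5", V2_MD5)):
        print(name, parse_rip(pkt), "accepted:", meets_policy(pkt))
```

A listener configured for version 1 has nothing to check against, which is why the authentication option only applies to version 2; the text mode carries its key in cleartext inside the message.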

Table 8.10 lists four other helpful routing and RIP commands.

Table 8.10. General Routing Commands



show route

Displays a routing table

clear route

Clears a single route or the whole routing table

show rip

Displays only RIP-learned routes

debug rip

Used to display RIP traffic


To create a default route, you use the route outside <gateway ip address> command. This command can also be written as route outside 0 0 <gateway ip address>.

CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218