I think this comes from the fact that cisco instructors in class say that
the Pix is not a router. I have heard this as well when I had the class.
I know the Pix is not a router, but does it route? Well, if making decisions
about where to send traffic based on layer 3 info is routing then I would
argue it does route. It does not forward traffic based on layer 2 info so
......
It routes traffic to the appropriate interface. Can someone else shed some
light as to why this is said. If it doesn't route the traffic it recieves
what does it do?
-----Original Message-----
From: haroldnjoe <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, February 16, 2001 12:41 PM
Subject: Firewalls and VPNs
>I've read here a couple of times that PIX's don't route. Period. In light
of
>this I'm left a little confused as to a proposed network map I was given
>recently.
>
>The core layer router is a 3640 linking all of our branch offices together.
>From the 3640, there is an ethernet connection to a PIX 515R. From the
PIX,
>there is another ethernet connection to a 1750 router. The 1750 connects
via
>T1 to our ISP. There is yet another ethernet connection from the PIX to
the
>isolation lan, on which resides an internet mail/web server and a VPN 3000
>concentrator.
>
>If PIX's don't route, what subnet is the isolation lan going to sit on? As
>I understand it, the PIX will be providing NAT functionality for the 3640
>and everything behind it. So I would assume that the T1 and ethernet
>interfaces on the 1750, the outside interfaces on the PIX, and everything
in
>the isolation lan including the VPN concentrator will have to have public
IP
>addresses which will be given to us by our ISP. The way the map is layed
>out, it looks to me like the isolation lan would have to be on its own
>subnet.
>
>What am I missing? If the PIX doesn't route, do it's ethernet interfaces
>reside on the same subnet as the isolation lan? If so, then the ethernet
>interface on the 1750 must also be on that subnet, right?
>
>This is the proposed network map that Cisco's presale engineers gave me.
>I'm sure it's a solid design, but I'm still trying to work out the details
>so that I understand what I'm implementing (always a good thing, I think).
>
>Thanks for your time,
>
>[EMAIL PROTECTED]
>
>
>_________________________________
>FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
