PBR. Router and PIX Same LAN

I need to route traffic to the Internet through a PIX and send traffic to my branch through a PVC bypassing the PIX (RFC1918 addresses). Where should my route map be assigned? I have everything working with the route map on atm1/0.2 (from the Internet), with next hop the PIX outside interface, but I am not sure this is correct. I saw a similar Cisco doc that has the route map on the Ethernet interface of the router.

From Branch

--------- Router atm 1/0.1 atm1/0.2 PBR next-hop | | PIX outside any IP | | | | fa0/1 | | | Pix fa0/0 | |

----------------------- LAN

-- jnez367

I don't quite understand what you are trying to achieve, but PBR is always applied on the interface on which packets are received, not the outgoing interface, so your configuration should be OK.

/TC

wrote in message news: snipped-for-privacy@g14g2000cwa.googlegroups.com...

-- Tony Clifton
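As an added illustration of the point above (example configuration written for this thread, not the original poster's running config): the policy route-map is attached with ip policy on the subinterface where Internet packets arrive, and its next-hop is the PIX outside address. All addresses (198.51.100.1 for the Internet PVC, 203.0.113.2 for the PIX outside interface, 10.255.0.1 for the branch PVC) and the interface descriptions are placeholders chosen for the example.

```cisco
! Added example, not from the thread. Placeholder addresses throughout.
! ACL matches everything that arrives from the Internet PVC.
ip access-list extended FROM-INTERNET
 permit ip any any
!
! Route-map forces those packets to the PIX outside interface,
! regardless of the connected route to the inside LAN.
route-map INTERNET-TO-PIX permit 10
 match ip address FROM-INTERNET
 set ip next-hop 203.0.113.2
!
! PBR belongs on the receiving interface: the Internet subinterface.
interface ATM1/0.2 point-to-point
 description Internet PVC
 ip address 198.51.100.1 255.255.255.252
 ip policy route-map INTERNET-TO-PIX
!
! Branch PVC carries RFC1918 traffic only and is routed normally.
interface ATM1/0.1 point-to-point
 description Branch PVC (no PBR)
 ip address 10.255.0.1 255.255.255.252
!
! Verification: policy-matched packet counters and interface binding.
show route-map INTERNET-TO-PIX
show ip policy
```

The counters in show route-map increment only for packets received on ATM1/0.2, which is the quick check that the map is bound to the inbound side; a map attached to the Ethernet interface would instead act on packets coming from the LAN.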

Thanks. I just want to be sure incoming internet traffic does not bypass the pix. It should not because my routing table shows a connected route to the pix fa0/1 network. I did not think I would need PBR, but I could not get things going without it.

Traffic from the branch building will be coming in on a non-routable ip. I would expect the pix would drop it if it hit the outside intf. That is why I have the two gateway devices on one LAN. Is there a better way to do this? Connect the other pix interface to the branch's on fa0/0?

-- jnez367

OK, I think I understand the scenario now.

In this case I would configure separate routing instances with VRFs on the "outside" router.

For example you can create two instances, one for the branch office and another for the internet. Each VRF has its own IP routing table, CEF table, and two interfaces that use this forwarding table. No information can leak between interfaces in different VRFs.

Think of it as a kind of VPN, or MPLS "light".

Regards,

/TC

wrote in message news: snipped-for-privacy@g14g2000cwa.googlegroups.com...

-- Tony Clifton
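The VRF-lite layout suggested above, as an added example (not from the thread): two routing instances on the outside router, each owning one PVC and one Ethernet interface. The assumption is that the PIX outside segment is moved onto its own router interface (FastEthernet0/1 here) instead of sharing the inside LAN, since a VRF separates interfaces, not hosts on one segment. Route distinguishers, VRF names, addresses (198.51.100.0/30, 203.0.113.0/29, 10.255.0.0/30, 10.1.1.0/24, 10.2.0.0/16) and interface descriptions are placeholders for the example.

```cisco
! Added example, not from the thread. Placeholder names and addresses.
! Two isolated forwarding tables; no route or packet leaks between them.
ip vrf INTERNET
 rd 65000:1
ip vrf BRANCH
 rd 65000:2
!
! VRF INTERNET: Internet PVC plus the segment toward the PIX outside.
interface ATM1/0.2 point-to-point
 description Internet PVC
 ip vrf forwarding INTERNET
 ip address 198.51.100.1 255.255.255.252
!
interface FastEthernet0/1
 description Link to PIX outside interface (dedicated segment)
 ip vrf forwarding INTERNET
 ip address 203.0.113.1 255.255.255.248
!
! VRF BRANCH: branch PVC plus the inside LAN (PIX inside side).
interface ATM1/0.1 point-to-point
 description Branch PVC (RFC1918)
 ip vrf forwarding BRANCH
 ip address 10.255.0.1 255.255.255.252
!
interface FastEthernet0/0
 description Inside LAN
 ip vrf forwarding BRANCH
 ip address 10.1.1.1 255.255.255.0
!
! Internet-side routes: default to the provider, public range to the PIX.
ip route vrf INTERNET 0.0.0.0 0.0.0.0 198.51.100.2
ip route vrf INTERNET 203.0.113.0 255.255.255.248 FastEthernet0/1
!
! Branch-side route: remote branch prefix via the PVC peer.
ip route vrf BRANCH 10.2.0.0 255.255.0.0 10.255.0.2
!
! Verification: each table should contain only its own prefixes.
show ip route vrf INTERNET
show ip route vrf BRANCH
```

With this split an Internet packet can only ever be forwarded inside VRF INTERNET, so the only path to the inside LAN is through the PIX, and PBR is no longer needed to enforce that. Note that ip vrf forwarding clears any existing address on the interface, so it must precede ip address as shown.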

In article , wrote:
:I need to route traffic to the Internet through a PIX and send traffic
:to my branch through a pvc bypassing the pix. (RFC1918 addresses)

Why not have the traffic go through the PIX, but use

nat (inside) 0 access-list ACLNAME

That disables NAT for traffic that matches the ACL (note: the ACL is read with the inside traffic in the first field and the outside in the second field; so for traffic going out, it is read in the normal source-then-destination sense, and for traffic coming in it is read in reverse).

-- Walter Roberson
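An added example of the NAT-exemption approach in PIX 6.x syntax (written for this thread, not taken from any poster's configuration). The NONAT ACL is written inside-to-branch and, as noted above, the PIX applies it in both directions. Because nat 0 only exempts traffic from translation, an outside ACL is also needed so that only the branch prefix is accepted with a private source on the outside interface; everything else arriving there is still dropped. Addresses (10.1.0.0/16 inside, 10.2.0.0/16 branch, 203.0.113.0/29 outside segment with the router at .1) and ACL names are placeholders.

```cisco
: Added example, not from the thread. Placeholder addresses and names.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.248
ip address inside 10.1.1.2 255.255.255.0
:
: Inside <-> branch traffic matches NONAT and is passed untranslated.
: The same ACL is matched in reverse for packets arriving from the branch.
access-list NONAT permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
:
: All other inside traffic is PATed on the outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
:
: Only the branch prefix may enter from outside with an RFC1918 source.
access-list OUTSIDE_IN permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-group OUTSIDE_IN in interface outside
:
: Both the Internet and the branch are reached via the router on the outside segment.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
:
: Verification: branch flows should show no xlate entry.
show xlate
```

With this in place the PIX is the single gateway for the LAN and the router needs no PBR at all: branch traffic still traverses the firewall, is exempted from NAT, and is explicitly limited to the expected prefix pair by OUTSIDE_IN.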
