Static Routes

Static routes are manually configured routes that do not frequently change. They essentially
direct your Security Appliance to send traffic destined for a specific network to a specific
router that has connectivity to the destination network. Static routes are perhaps best
explained by using a network example. Figure 11-1 illustrates a simple network
configuration with hosts on both the 10.10.10.0 and 10.10.20.0 networks.
278 Chapter 11: Routing and the Cisco Security Appliance
Figure 11-1 Static Routes
When you configure the inside interface on the Security Appliance with a Class C address of
10.10.10.1, the Security Appliance automatically creates a route that enables it to send traffic
for the 10.10.10.0 network to the inside interface (identified by the keyword CONNECT
when viewing the routes). The Security Appliance may also receive traffic for the host whose
IP address is 10.10.20.10. By default, if the Security Appliance receives traffic for
10.10.20.10, it will not know where to send it. To enable the Security Appliance to know
where to send traffic for 10.10.20.10, you can configure a static route using the route
command. The syntax for the route command is as follows:
route interface-name ip-address netmask gateway [metric]
The parameters for the route command are explained in Table 11-7. Using the network in
Figure 11-1, you can define a static route for the 10.10.20.0 network using the following
command:
pix515a(config)# route inside 10.10.20.0 255.255.255.0 10.10.10.2 1
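The following Python check is an added example, not taken from the original text or from Cisco. It parses route commands in the syntax shown above and flags a destination that does not match its netmask, or a gateway that the named interface cannot reach directly. The INTERFACES table and the function names parse_route and check_route are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the inside interface from the text. This table is an
# assumption standing in for the appliance's interface configuration.
INTERFACES = {"inside": ipaddress.ip_interface("10.10.10.1/255.255.255.0")}

def parse_route(line):
    """Split 'route interface-name ip-address netmask gateway [metric]'."""
    tokens = line.split()
    if "route" not in tokens:
        raise ValueError("not a route command")
    fields = tokens[tokens.index("route") + 1:]  # drops a leading CLI prompt
    if len(fields) not in (4, 5):
        raise ValueError("expected interface, address, netmask, gateway [metric]")
    metric = int(fields[4]) if len(fields) == 5 else None
    return (fields[0], *map(ipaddress.IPv4Address, fields[1:4]), metric)

def check_route(line, interfaces=INTERFACES):
    """Return a list of problems with one static route (empty list = clean)."""
    ifname, address, netmask, gateway, _metric = parse_route(line)
    problems = []
    host_bits = int(netmask) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):            # mask must be 1s followed by 0s
        problems.append(f"netmask {netmask} is not contiguous")
    elif int(address) & host_bits:             # e.g. 10.10.20.5 with a /24 mask
        problems.append(f"{address} has host bits set under {netmask}")
    iface = interfaces.get(ifname)
    if iface is None:
        problems.append(f"interface {ifname} is not defined")
    elif gateway == iface.ip:
        problems.append(f"gateway {gateway} is the appliance's own address")
    elif gateway not in iface.network:         # next hop must be directly reachable
        problems.append(f"gateway {gateway} is not on {ifname} ({iface.network})")
    return problems

if __name__ == "__main__":
    for cmd in ("pix515a(config)# route inside 10.10.20.0 255.255.255.0 10.10.10.2 1",
                "route inside 10.10.20.5 255.255.255.0 10.10.30.2"):  # constructed bad route
        print(cmd, "->", check_route(cmd) or "OK")
```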
Table 11-7 route Command Parameters

Parameter        Description
interface-name   The name of the interface on the Security Appliance through
                 which the traffic will travel to reach the destination network
                 (the name assigned in the nameif command).
ip-address       The IP address(es) of the traffic to which the route pertains.
netmask          The network mask of the route, which indicates the number of
                 addresses covered by the route. (For example, a Class C
                 network pertains to 256 different addresses and is specified as
                 255.255.255.0.)