[fw-wiz] Re: IP aliasing behind a PIX

From: Don Owens (don@xlogistics.com)
Date: 01/22/03 

From: Don Owens <don@xlogistics.com>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Jan 22 17:38:15 2003

The problem has been resolved. Thanks to Mike Scher for pointing me to
the "static" lines in the conf. The intention was to map the entire
network behind the PIX (1-1 mapping, since the network is public), but
the entry had a netmask of 255.255.255.255 instead of 255.255.255.224.
Once I added a line with the correct netmask, the aliases began
working. However, now I wonder why the main IP on each interface worked
in the first place ...

Don

On Fri, 2003-01-17 at 18:04, Don Owens wrote:
> Hi guys,
>
> I'm overloading interfaces on Solaris and Linux boxen to have multiple
> IPs (same network though) behind a PIX firewall. From within the
> network, the aliases work fine (i.e., the machines are accessible using
> the aliased IPs). However, when trying to get to them from outside the
> network, the IPs are unreachable. These are public IPs and the routing
> works fine for each IP if that IP is the main IP of the box. If I swap
> the IP of one of the aliases with the main IP, that IP is then
> reachable. Then the alias works as well until I reboot the PIX.
>
> It seems to me this has to be the PIX, as I have not had this problem in
> the past using access lists on routers as firewalls. Has anyone else
> seen this problem? Am I missing a simple setting on the PIX or
> something?
>
> Any ideas?
>
> Don
>
> --
> Don Owens
> don@xlogistics.com
> www.xlogistics.com
>
> Express Logistics
> 48541 Warm Springs Blvd., Ste. 505
> Fremont, CA 94539 

--
Don Owens
don@xlogistics.com
www.xlogistics.com
Express Logistics
48541 Warm Springs Blvd., Ste. 505
Fremont, CA 94539

Relevant Pages

  • RE: [fw-wiz] Re: IP aliasing behind a PIX
    ... > network behind the PIX, but ... >> IPs behind a PIX firewall. ... >> network, the aliases work fine (i.e., the machines are accessible using ...
    (Firewall-Wizards)
  • [fw-wiz] IP aliasing behind a PIX
    ... IPs (same network though) behind a PIX firewall. ... network, the aliases work fine (i.e., the machines are accessible using ... Then the alias works as well until I reboot the PIX. ...
    (Firewall-Wizards)
  • PIX 515E dropping existing TCP connections
    ... I recently took over administration of a PIX 515E. ... network, and VPN to the PIX to access a private network. ... When the VPN is connected, I can SSH to hosts on the private network. ... PIX drops the connection after transferring just a few kilobytes. ...
    (comp.dcom.sys.cisco)
  • Re: [fw-wiz] bypassing PIX limitation
    ... setup another Pix box who's sole purpose is to connect to the ... Hopefully the following information will be clearer: The network behind ... assign the outside ip block from the partner to your global ... Can packets going into a VPN tunnel be NATed? ...
    (Firewall-Wizards)
  • IP alias Networking Errors.
    ... When the next group of IP were assigned to me, and I set them as aliases on ... 'Gateway' IP that was given to me when I got this set of IPs. ... I was given a new 'Network Number' and 'Gatweway' number ... Server Admin ...
    (freebsd-questions)