RE: [fw-wiz] PIX DMZ inter-access via outside IP address

• Previous message: Ray Burkholder: "RE: [fw-wiz] How AAA in PIX Firewall ?"
• Maybe in reply to: Keith Anderson: "[fw-wiz] PIX DMZ inter-access via outside IP address"
• Next in thread: Andy Lyakhovetskiy: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Sat, 6 Dec 2003 22:41:09 -0700

AS a follow-up, the problem ended up being a routing issue. Packets
destined to the outside interface would get ignored by the router because
they were assumed to be destined for a device on that domain. The solution
was to use non-Internet routable addresses between the PIX and the router.
Now that it has a different IP class, the router redirects those packets
back to the PIX, and communication using the Internet addresses works on all
interfaces.

Seems obvious now that it was pointed out to me. More evidence that I need
a vacation.

I'll post the configs if anyone wants to see the finished product.

> THE KILLER PROBLEM: The two servers in the DMZ CAN NOT access
> each other
> using their public Internet addresses. They can use their
> 192.168 addresses
> just fine, but not their public addresses.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Ray Burkholder: "RE: [fw-wiz] How AAA in PIX Firewall ?"
• Maybe in reply to: Keith Anderson: "[fw-wiz] PIX DMZ inter-access via outside IP address"
• Next in thread: Andy Lyakhovetskiy: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]