[fw-wiz] Multiple world connections into PIX
From: DCSIM Subscriptions (IA) (DCSIMSUBS_at_ia.ngb.army.mil)
Date: 01/27/04
To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 27 Jan 2004 16:50:39 -0600
Greetings.
I've run into an interesting problem on a PIX 515. Here's a makeshift
diagram:
Warning! ASCII art!
  outside_1
--------------|-----| inside_1
              |     |-------
  outside_2   | PIX |
--------------|     |-------
  (Def. GW)   |-----| inside_2
LAN networks are NAT'd 10.x.
"World" networks are real addresses.
Effectively what I'm trying to do is make hosts on inside_1 use the
outside_1 network and inside_2 hosts use outside_2. This would be
considered policy routing on a Cisco router.
So, when a connection is initiated from outside_1 to inside_1, it is built
correctly, according to the log. However, when the return traffic is sent
back through the PIX, it tries to go out the default gateway, which is
outside_2, which does not have that connection established.
I believe I have all the NAT rules and access lists correct, but the PIX
keeps trying to use the same interface for outbound traffic.
So far I have only tried to solve this in the PDM. I am hoping that there
are some commands in the CLI that will solve my problem.
Any ideas?
- Lee