RE: [fw-wiz] Multiple world connections into PIX
From: DCSIM Subscriptions (IA) (DCSIMSUBS_at_ia.ngb.army.mil)
Date: 02/06/04
- Previous message: Joseph S D Yao: "Re: [fw-wiz] Spam (or, how to buy Cheap Korean Cellphones :-)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <firewall-wizards@honor.icsalabs.com> Date: Fri, 6 Feb 2004 11:31:49 -0600
And therein lies the problem: routes are global.
The capability for multiple routes is there for redundancy only, it seems.
I was thinking that once the session is built the PIX would be smart enough
to use the same interface for return traffic. So far I've been
dissapointed.
I guess IOS firewall would be a better choice for this situation, but the
investment has already been made.
- Lee
-----Original Message-----
From: Strydom, Willie [mailto:WStrydom@fnb.co.za]
Sent: Monday, February 02, 2004 00:12
To: 'DCSIM Subscriptions (IA)'; firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Multiple world connections into PIX
you'll have top play with routing. I have seen a similar setup before, add
routes to outside_1 and outside_2 for the hosts that you wanna send there.
-----Original Message-----
From: DCSIM Subscriptions (IA) [mailto:DCSIMSUBS@ia.ngb.army.mil]
Sent: 28 January 2004 12:51
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Multiple world connections into PIX
Greetings.
I've run into an interesting problem on a PIX 515. Here's a makeshift
diagram:
Warning! ASCII art!
outside_1
--------------|-----| inside_1
| |-------
outside_2 | PIX |
--------------| |-------
(Def. GW) |-----| inside_2
LAN networks are NAT'd 10.x.
"World" networks are real addresses.
Effectively what I'm trying to do is make hosts on inside_1 use the
outside_1 network and inside_2 hosts use outside_2. This would be
considered policy routing on a Cisco router.
So, when a connection is initiated from outside_1 to inside_1, it is built
correctly, according to the log. However, when the return traffic is sent
back through the PIX, it tries to go out the default gateway, which is
outside_2, which does not have that connection established.
I believe I have all the NAT rules and access lists correct, but the PIX
keeps trying to use the same interface for outbound traffic.
So far I have only tried to solve this in the PDM. I am hoping that there
are some commands in the CLI that will solve my problem.
Any ideas?
- Lee
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
____________________________________________________________________________
_______________________
The views expressed in this email are, unless otherwise stated, those of the
author and not those
of the FirstRand Banking Group or its management. The information in this
e-mail is confidential
and is intended solely for the addressee. Access to this e-mail by anyone
else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrity
of information and data
transmitted electronically and to preserve the confidentiality thereof, no
liability or
responsibility whatsoever is accepted if information or data is, for
whatever reason, corrupted
or does not reach its intended destination.
________________________________
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Joseph S D Yao: "Re: [fw-wiz] Spam (or, how to buy Cheap Korean Cellphones :-)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
