RE: [fw-wiz] Ping between PIX remote peers

yes you can but it will not work for this. This is usually used for DNS
doctoring but if it is coming from another interface then it can be used for
dnat. Not seeing what the original question is below I am assuming it
regarding site to site ipsec tunnels. What Brian said below is correct
about the operation of the pix. Once again not seeing the original question
it doesnt make any sense why you are trying to traverse the tunnels from the
51 net to access the 50 net if the 50 net is behind the same pix. I am sure
this is not the scenario so if someone could forward the orginal question I
can take a look. Thanks.

-----Original Message-----
From: firewall-wizards-admin@xxxxxxxxxxxxxxxxxx on behalf of Brian Loe
Sent: Tue 5/2/2006 12:06 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxx
Subject: Re: [fw-wiz] Ping between PIX remote peers

Can you alias a network?

On 4/26/06, Utz, Ralph <rutz@xxxxxxxxxxxxxxx> wrote:
Based exactly as you have diagrammed, your setup will not work. You will
not be able to ping from end point to end point. The reason is because
the PIX will not send traffic out the same interface it came in on. In
this scenario, traffic from is coming into the PIX on
interface0 and needs to go back out interface0 to get to
By design, the PIX will not pass this traffic.
firewall-wizards mailing list

firewall-wizards mailing list