Re: [fw-wiz] 2 PIXes with their interfaces sharing the same switch and on the same VLAN.



Yes PIX A does have a route for 10.17.0.0/16 to PIX B DMZ IP.
If I take out that static route, I can't ping any of the hosts.

I guess it was right that the asymmetric is the problem here. The PIX/any
firewall should be smart enough to know how to handle that hehehe :)

The temp solution that I had was just to change the gateway of the required
servers to the PIX B DMZ.

Thanks so much for the help everyone.

Regards,
Rudy
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

