Re: [fw-wiz] 2 PIXes with their interfaces sharing the same switch and on the same VLAN.

Hi Rudy,

Are the two pix'es connected in other way besides the wan? For example A
"lan" and B "dmz" are in the same network. If they are connected via
these interfaces that explains why changing the gateway works. If you
enable nat on B "dmz" you should be able to connect to the server.


On Sat, 2009-08-01 at 08:19 +0700, Rudy Setiawan wrote:
Hi all,

I have some problem that I need some solution/advice :)

I have two PIX'es
* PIX A WAN is connected to Provider A
* PIX B WAN is connected to Provider B
* PIX A inside interface has the IP address of 10.15.1.1
* PIX B DMZ interface has the IP address of 10.15.1.2
* PIX B inside interface has the IP address of 10.17.1.1
* Subnet mask for all of the IP addresses 255.255.0.0 or /16

I disabled nat by way of nat 0 access-list to both PIXes and the
interfaces as well (except the WAN).
I have a "ip permit any any" applied to all interfaces except the WAN,

A user with IP 10.17.1.2 has a gateway of 10.17.1.1 is able to ping a
server in 10.15.1.10 (the server has a gateway of 10.15.1.1) but is
unable to ssh to the server.
But if I changed the gateway of the server to 10.15.1.2, then the user
is able to ssh to the server.

What am I doing wrong here?

Thank you so much in advance for the help.

Regards,
Rudy

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
--
Marjan Naumovski
System & Security Engineer
ISP Neotel - Skopje
marjan.naumovski@xxxxxxxxxxxxx
Tel: +389 2 5511 141
mob: +389 75 446 503

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: DCPromo RPC Error
    ... If you want that Your Dc work with multiple interfaces, ... Melbourne internal is also 192.168.0.x and external is 192.168.2.x ... I have Melbourne and Sydney sites in AD Sites and Services and the ... The Sydney server is the DC and I would like to make the Melbourne ...
    (microsoft.public.windows.server.active_directory)
  • Re: setup unable to determine the dns name of this computer.
    ... > Ethernet adapter Local Area Connection: ... > The machine has two interfaces on the motherboard. ... this server, disable one interface and see what happens. ... > the network and I have been considering stopping it from being this (I ...
    (microsoft.public.exchange.setup)
  • Re: Routing Problem
    ... If you have multiple interfaces and you configure a default gateway for each ... FreeBSD's routing table at any one time for default route traffic, ... In FreeBSD, you can manually configure the routing table for the individual ...
    (freebsd-questions)
  • Re: Wireless NIC in FreeBSD 6.0 ?
    ... interfaces to be configured with dhcp. ... requested from the server, information required of the server, ... If both interfaces are configured with dhcp then dhclient will unconfigure the interface if there is no connection be it wired or wireless and the configuration of the working interface should take effect. ...
    (freebsd-questions)
  • Re: Kann Samba-Share nicht unter Linux mounten
    ... zuerst hatte ich die Antwort im falschen Fred gepostet. ... # server string is the equivalent of the NT Description field ... # WINS Support - Tells the NMBD component of Samba to enable its WINS Server ... # Only bind to the named interfaces and/or networks; ...
    (de.comp.os.unix.networking.samba)