PIX solaris and Windows

 
 
David Hodgson
09-23-2004
Hi folks,

I have a PIX 501 which separates 2 networks, 1 network = 192.168.0.0
(inside) the other network is 192.168.10.0 (outside).

I have Solaris, Windows and Linux boxes on the outside, I have only
Windows boxes on the inside.

I have no NAT on PIX and am using only access rules. The access rules I have
are..

(from inside to outside) "icmp" from 192.168.0.0 with a destination of
192.168.10.0 is allowed
(from outside to inside) "icmp" from ANY with a destination of 192.168.0.0
is allowed

Now with these rules in effect the following happens...

From the outside...
Windows boxes and Linux boxes on the outside can ping any inside Windows box
Solaris boxes can only ping outside boxes, they can't ping anything inside

From the inside...
Windows boxes can ping all Solaris, Windows and Linux boxes

What I've noticed...
If I ping from host 192.168.0.1 to Solaris box 192.168.10.1 I get a
response, then if I ping from Solaris box 192.168.10.1 to Windows box
192.168.0.1 I get a response, this is the only time it works, it's as if NAT
is stopping transmission.

Is this a Solaris issue or a PIX issue??

Anyone please help

Dave



 
PES
09-23-2004

"David Hodgson" wrote:
> hi folks,
>
> I have a pix 501 which separates 2 networks, 1 network = 192.168.0.0
> (inside) the other network is 192.168.10.0 (outside).
>
> I have both solaris,windows and linux boxes on the outside, I have only
> windows boxes on the inside.
>
> I have no NAT on PIX and am using only access rules. The access rules I
> have
> are..
>
> (from inside to outside) "icmp" from 192.168.0.0 with a destination of
> 192.168.10.0 is allowed
> (from outside to inside) "icmp" from ANY with a destination of 192.168.0.0
> is allowed
>
> now with these rules in effect the following happens...
>
> from the outside...
> Windows boxes and linux boxes on the outside can ping any inside windows
> box
> Solaris boxes can only ping outside boxes, they can't ping anything inside
>
> from the inside...
> Windows boxes can ping all solaris, windows and linux boxes
>
> What I've noticed...
> If I ping from host 192.168.0.1 to solaris box 192.168.10.1 I get a
> response, then if I ping from solaris box 192.168.10.1 to windows box
> 192.168.0.1 I get a response, this is the only time it works, it's as if
> NAT
> is stopping transmission.
>
> is this a solaris issue or a PIX issue??
>
> anyone please help
>
> Dave
>
>


The xlate with nat 0 is built as the first packet goes from in to out. Then
incoming initiated traffic as defined in the ACL could use the xlate until
it times out. If you want to lock the translation table to what nat 0 would do,

from memory only

static (inside,outside) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

then clear xlate
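
A simplified model of the xlate behaviour described in the reply above, added here as an illustration; it is not part of the original thread and is not Cisco code. The `Pix` class, the `replay` function and the three-hour timeout are assumptions made for the example, while the addresses and the 255.255.255.0 mask come from the posts.

```python
import ipaddress

XLATE_TIMEOUT = 3 * 3600  # seconds; assumed idle timeout for this model


class Pix:
    """Toy model: inbound traffic needs an ACL permit AND an xlate entry."""

    def __init__(self, inside_net, static_identity=False):
        self.inside = ipaddress.ip_network(inside_net)
        self.static_identity = static_identity  # models the static (inside,outside) line
        self.xlate = {}  # inside host -> time its dynamic xlate expires

    def clear_xlate(self):
        self.xlate.clear()

    def outbound(self, src, now):
        """Inside host sends a packet out; nat 0 builds or refreshes its xlate."""
        src = ipaddress.ip_address(src)
        if src in self.inside:
            self.xlate[src] = now + XLATE_TIMEOUT

    def inbound_icmp(self, dst, now):
        """Outside host pings dst; True if the echo request gets through."""
        dst = ipaddress.ip_address(dst)
        if dst not in self.inside:  # rule: icmp from ANY to 192.168.0.0
            return False
        if self.static_identity:  # permanent identity translation
            return True
        return now < self.xlate.get(dst, 0)


def replay(static_identity):
    """Replay the thread's ping sequence against 192.168.0.1."""
    pix = Pix("192.168.0.0/24", static_identity)
    host = "192.168.0.1"
    results = [pix.inbound_icmp(host, now=0)]       # Solaris pings first
    pix.outbound(host, now=10)                      # inside host pings out
    results.append(pix.inbound_icmp(host, now=20))  # Solaris pings again
    results.append(pix.inbound_icmp(host, now=10 + XLATE_TIMEOUT + 1))
    return results


if __name__ == "__main__":
    print("nat 0 only     :", replay(False))
    print("static identity:", replay(True))
```

With only nat 0, the inbound ping succeeds just in the window after the inside host has sent traffic out; with the static identity entry it succeeds at every step.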
