«

Hi all,

I have the current situation :

PIX Firewall with 3 networks attached. LAN (sec100), DMZ(sec50),
Internet(sec0). In the DMZ I have a server that needs to connect to a
server on our LAN. As far as I know you need a static for this. All is
configurerd by a network/firewall engineer. There is also an
access-list that allows Host DMZ -> Host LAN all IP is allowed (for
testing).

The following :

1. Ping from DMZ-host to LAN-host -> no reply.
2. Ping from LAN-host to DMZ-host -> I get reply's !
3. Ping from DMZ-host to LAN-host -> I no DO get reply's !

It seems that the ARP cache of the firewall needs to get filled with
MAC's from the LAN side to be able to communicate. When the arp
entry's time-out, i have the same problem all over again. I needed to
turn off ProxyARP on the DMZ interface for other DMZ problems.

Anybody can help ?

Thanx

In article <> ,
Thys <> wrote:
:It seems that the ARP cache of the firewall needs to get filled with
:MAC's from the LAN side to be able to communicate. When the arp
:entry's time-out, i have the same problem all over again. I needed to
:turn off ProxyARP on the DMZ interface for other DMZ problems.

:Anybody can help ?

If you turn off proxy arp, then you need to *route* the packets
to the PIX.
--
WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,v onNeumann}D ?