PIX solaris and Windows

Discussion in 'Cisco' started by David Hodgson, Sep 23, 2004.

  1. hi folks,

    I have a pix 501 which separates 2 networks, 1 network = 192.168.0.0
    (inside) the other network is 192.168.10.0 (outside).

    I have both solaris,windows and linux boxes on the outside, I have only
    windows boxes on the inside.

    I have no NAT on PIX and am using only access rules. The access rules I have
    are..

    (from inside to outside) "icmp" from 192.168.0.0 with a destination of
    192.168.10.0 is allowed
    (from outside to inside) "icmp" from ANY with a destination of 192.168.0.0
    is allowed

    now with these rules in effect the following happens...

    from the outside...
    Windows boxes and linux boxes on the outside can ping any inside windows box
    Solaris boxes can only ping outside boxes, they can't ping anything inside

    from the inside...
    Windows boxes can ping all solaris, windows and linux boxes

    What I've noticed...
    If I ping from host 192.168.0.1 to solaris box 192.168.10.1 I get a
    response, then if I ping from solaris box 192.168.10.1 to windows box
    192.168.0.1 I get a response, this is the only time it works, it's as if NAT
    is stopping transmission.

    is this a solaris issue or a PIX issue??

    anyone please help

    Dave
    David Hodgson, Sep 23, 2004
    #1
    1. Advertising

  2. David Hodgson

    PES Guest

    "David Hodgson" <> wrote in message
    news:ciut5p$612$1$...
    > hi folks,
    >
    > I have a pix 501 which separates 2 networks, 1 network = 192.168.0.0
    > (inside) the other network is 192.168.10.0 (outside).
    >
    > I have both solaris,windows and linux boxes on the outside, I have only
    > windows boxes on the inside.
    >
    > I have no NAT on PIX and am using only access rules. The access rules I
    > have
    > are..
    >
    > (from inside to outside) "icmp" from 192.168.0.0 with a destination of
    > 192.168.10.0 is allowed
    > (from outside to inside) "icmp" from ANY with a destination of 192.168.0.0
    > is allowed
    >
    > now with these rules in effect the following happens...
    >
    > from the outside...
    > Windows boxes and linux boxes on the outside can ping any inside windows
    > box
    > Solaris boxes can only ping outside boxes, they can't ping anything inside
    >
    > from the inside...
    > Windows boxes can ping all solaris, windows and linux boxes
    >
    > What I've noticed...
    > If I ping from host 192.168.0.1 to solaris box 192.168.10.1 I get a
    > response, then if I ping from solaris box 192.168.10.1 to windows box
    > 192.168.0.1 I get a response, this is the only time it works, it's as if
    > NAT
    > is stopping transmission.
    >
    > is this a solaris issue or a PIX issue??
    >
    > anyone please help
    >
    > Dave
    >
    >


    The xlate with nat 0 is built as the first packet goes from in to out. Then
    incoming initiated traffic as defined in the acl could use the xlate until
    it times out. If you want to lock the translation table to what nat 0 would
    do,

    from memory only

    static (inside,outside) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

    then clear xlate

    >
    PES, Sep 23, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Hodgson

    Solaris to PIX VPN tunnel.....

    David Hodgson, May 18, 2004, in forum: Cisco
    Replies:
    1
    Views:
    361
  2. Rob

    PIX and solaris question

    Rob, Mar 14, 2005, in forum: Cisco
    Replies:
    8
    Views:
    457
    aunraza
    Mar 23, 2005
  3. Rob
    Replies:
    2
    Views:
    388
    Eric Louie
    Mar 22, 2005
  4. Hugh Thomas
    Replies:
    0
    Views:
    763
    Hugh Thomas
    Jan 8, 2004
  5. woland

    solaris 10 and windows x64 dual boot redux

    woland, Mar 7, 2006, in forum: Windows 64bit
    Replies:
    11
    Views:
    1,070
    woland
    Mar 8, 2006
Loading...

Share This Page