2 PIX Same Config, though 1 not connected to 'real' outside? Does not work?

Discussion in 'Cisco' started by Scott Townsend, Mar 23, 2006.

  1. This seems like it should work okay. I have 2 PIXs set up as follows:
    PIX1: Inside:

    PIX1: Inside:

    Inside ----PIX1-----Outside

    They are both on the same Internal Network. Though the Outside ports are
    connected to different Physical Networks that have the same Address space.
    Both PIXs have the same Config (besides the Internal IP)

    I've set up a Laptop on Outside2 with a Hosts file that has entries for
    Webservers that are published on the PIX2 Outside Interface mapped to the
    internal Webserver...

    When I try to Access them it does not work...

    Is having the same Outside Subnet confusing it? Seems like this would work?

    Scott Townsend, Mar 23, 2006
  2. How is the routing set up on your servers?
    Walter Roberson, Mar 23, 2006
  3. On the inside network, the routers and servers do not know that PIX2 Exists.
    Though they are on the Same Physical Subnet.

    Though I thought that since the PIX is doing the Address translations from
    the outside to the inside, the request would originate from PIX2 which is on
    the same subnet and just return the reply to PIX2.

    So I have

    Both PIXs have the same static table:
    static (inside,outside) WWWServer_o WWWServer_i netmask 0 0
    static (inside,outside) MailServer_o MailServer_i netmask 0

    So both PIXs are responding to Though is that address the one
    that is used to route the reply back out to the internet? Even so, wouldn't
    it be via the MAC address of the PIX2 and go back to PIX2 to reply?

    So here is another question, How do I test the new PIX with the same Config
    without taking down the network??

    Scott Townsend, Mar 23, 2006
  4. Okay, so I think I found (part) of the issue.

    I created a Static Route for the Outside IP address I'm using on my Test
    laptop, so that the Router and PIX1 know to pass the traffic to PIX2 for
    anything destined to that IP.

    I can now surf to Web pages on the Inside from Outside2. Now to get VPN to

    Scott Townsend, Mar 23, 2006
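The return-path problem and the static-route fix from the last post, as an added example that is not part of the original thread: a small Python model of two stateful firewalls with the same static, where the reply passes only through the PIX that saw the request. All addresses, the `Pix` class and the single inside routing table are constructed for illustration, and the model assumes the static translates only the destination, so the inside server sees the laptop's real source address.

```python
import ipaddress

# Constructed addresses; the thread's real IPs are not on the page.
PIX1_INSIDE = "10.0.0.1"    # default gateway of the inside hosts
PIX2_INSIDE = "10.0.0.2"    # test PIX on the same inside subnet
WWW_INSIDE = "10.0.0.80"
WWW_OUTSIDE = "192.0.2.80"  # published by the same static on both PIXs
LAPTOP = "192.0.2.200"      # test laptop on Outside2

ROUTES_BEFORE = {"0.0.0.0/0": PIX1_INSIDE}
ROUTES_AFTER = {"0.0.0.0/0": PIX1_INSIDE, LAPTOP + "/32": PIX2_INSIDE}


class Pix:
    """Hypothetical stateful firewall: static destination NAT plus a connection table."""

    def __init__(self, statics):
        self.statics = statics   # outside address -> inside address
        self.conns = set()       # (client, inside server) pairs seen inbound

    def inbound(self, src, dst):
        """Outside to inside: translate the destination, keep the source."""
        inside = self.statics[dst]
        self.conns.add((src, inside))
        return src, inside

    def reply_allowed(self, server, client):
        """A reply passes only through the firewall that holds the connection."""
        return (client, server) in self.conns


def next_hop(routes, dst):
    """Longest-prefix match over a {prefix: gateway} table."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in routes]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return routes[str(best)]


def reply_delivered(routes):
    """Laptop request enters via PIX2; does the server's reply get back out?"""
    statics = {WWW_OUTSIDE: WWW_INSIDE}
    pixes = {PIX1_INSIDE: Pix(statics), PIX2_INSIDE: Pix(statics)}
    client, server = pixes[PIX2_INSIDE].inbound(LAPTOP, WWW_OUTSIDE)
    gateway = next_hop(routes, client)   # where the inside network sends the reply
    return pixes[gateway].reply_allowed(server, client)
```

With `ROUTES_BEFORE` the reply follows the default route to PIX1, which has no matching connection; with `ROUTES_AFTER` the host route for the laptop sends it back through PIX2.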
