Ping through Pix

Discussion in 'Cisco' started by Sean James, Jul 16, 2003.

  1. Sean James

    Sean James Guest

    I have two PIXes on one LAN. The one pix is the default gateway for the
    workstations. When I try to ping a workstation that is on the external
    interface of the second pix, I get no response.

    I have used debug packet on the default pix. I see the packet arriving. On
    the secondary pix I do not see the packet arriving.

    There are no access-lists on the internal interface of the default pix.
    From the default pix, I can ping the machine on the external interface of
    the secondary pix.
    If I change my default gateway to the secondary pix, then the workstations
    can also ping the external machines.

    Any ideas where I can start?

    Thanks
     
    Sean James, Jul 16, 2003
    #1

  2. :I have two PIXes on one LAN. The one pix is the default gateway for the
    :workstations. When I try to ping a workstation that is on the external
    :interface of the second pix, I get no response.

    The PIX will NEVER route packets back through the same [logical]
    interface that it received the packets on.

    You need to do one of the following:
    - add an internal router; or
    - add routes on the workstations to have them go directly to the second
    PIX when appropriate; or
    - if you have a 515, 515E, 525, or 535, upgrade to 6.3(1), attach the
    PIX to an 802.1Q-aware switch, and create multiple logical interfaces
    on the internal physical interface.
     
    Walter Roberson, Jul 16, 2003
    #2
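
A small model of the behaviour described in the answer above, added here as an illustration and not part of either post: it reproduces the three symptoms from the question and the workstation-route fix. All addresses and the default PIX's routing table are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress as ip

# Constructed addressing for illustration (none of it is from the thread).
PIX1 = ip.ip_address("10.0.0.1")        # default-gateway PIX, inside address
PIX2 = ip.ip_address("10.0.0.2")        # second PIX, inside address
REMOTE = ip.ip_network("192.0.2.0/24")  # network on the second PIX's external side
DEFAULT = ip.ip_network("0.0.0.0/0")
TARGET = ip.ip_address("192.0.2.10")    # the machine being pinged

# Assumed routes on the default PIX: (destination, next hop, egress interface).
PIX1_ROUTES = [
    (REMOTE, PIX2, "inside"),
    (DEFAULT, ip.ip_address("198.51.100.1"), "outside"),
]

def best_route(routes, dst):
    """Longest-prefix match over (network, next_hop, ...) tuples."""
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def pix1_transit(ingress, dst):
    """Transit packet: dropped when it would leave by the interface it arrived on."""
    route = best_route(PIX1_ROUTES, dst)
    if route is None:
        return "drop: no route"
    if route[2] == ingress:
        return "drop: same interface"
    return f"forward to {route[1]}"

def pix1_originated(dst):
    """Packet generated by the PIX itself: there is no ingress interface to compare."""
    route = best_route(PIX1_ROUTES, dst)
    return f"forward to {route[1]}" if route else "drop: no route"

def workstation_send(host_routes, dst):
    """Follow a workstation packet as far as its first hop's decision."""
    route = best_route(host_routes, dst)
    if route is None:
        return "drop: no route"
    if route[1] == PIX1:
        return pix1_transit("inside", dst)
    return f"forward to {route[1]}"

AS_REPORTED = [(DEFAULT, PIX1)]                       # workstation as in the question
WITH_HOST_ROUTE = [(DEFAULT, PIX1), (REMOTE, PIX2)]   # second option in the answer

if __name__ == "__main__":
    print("workstation via default PIX:", workstation_send(AS_REPORTED, TARGET))
    print("ping from the default PIX:  ", pix1_originated(TARGET))
    print("workstation with host route:", workstation_send(WITH_HOST_ROUTE, TARGET))
```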