PIX solaris and Windows

Discussion in 'Cisco' started by David Hodgson, Sep 23, 2004.

  1. Hi folks,

    I have a PIX 501 which separates 2 networks: 1 network = 192.168.0.0
    (inside), the other network is 192.168.10.0 (outside).

    I have Solaris, Windows and Linux boxes on the outside; I have only
    Windows boxes on the inside.

    I have no NAT on the PIX and am using only access rules. The access rules I
    have are:

    (from inside to outside) "icmp" from 192.168.0.0 with a destination of
    192.168.10.0 is allowed
    (from outside to inside) "icmp" from ANY with a destination of 192.168.0.0
    is allowed

    Now, with these rules in effect, the following happens.

    From the outside:
    Windows boxes and Linux boxes on the outside can ping any inside Windows box.
    Solaris boxes can only ping outside boxes; they can't ping anything inside.

    From the inside:
    Windows boxes can ping all Solaris, Windows and Linux boxes.

    What I've noticed:
    If I ping from host 192.168.0.1 to Solaris box 192.168.10.1 I get a
    response, then if I ping from Solaris box 192.168.10.1 to Windows box
    192.168.0.1 I get a response. This is the only time it works; it's as if NAT
    is stopping transmission.

    Is this a Solaris issue or a PIX issue?

    Anyone please help.

    Dave
     
    David Hodgson, Sep 23, 2004
    #1

  2. David Hodgson

    PES Guest

    The xlate with nat 0 is built as the first packet goes from in to out. Then
    incoming initiated traffic as defined in the acl could use the xlate until
    it times out. If you want to lock the translation table to what nat 0 would
    do,

    from memory only

    static (inside,outside) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

    then clear xlate
     
    PES, Sep 23, 2004
    #2
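
A simplified model of the xlate behaviour the reply above describes, as an added example that is not part of the thread and is not PIX code. The class and method names are hypothetical, the timeout value is a constructed sample, and the model assumes inbound traffic does not refresh the timer.

```python
import ipaddress

class XlateModel:
    """Toy model: an inbound packet the ACL permits still needs a translation slot."""

    def __init__(self, xlate_timeout=10800):
        self.timeout = xlate_timeout   # seconds; constructed sample value
        self.dynamic = {}              # inside host -> time of last outbound packet
        self.static_nets = []          # networks pinned by a static entry
        self.inside = ipaddress.ip_network("192.168.0.0/24")

    def add_static(self, network):
        # Models: static (inside,outside) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
        self.static_nets.append(ipaddress.ip_network(network))

    def clear_xlate(self):
        # Models: clear xlate (dynamic slots are dropped, static entries stay)
        self.dynamic.clear()

    def outbound(self, src, now):
        # Inside-to-outside packet builds or refreshes the host's xlate.
        self.dynamic[ipaddress.ip_address(src)] = now
        return True

    def inbound(self, dst, now):
        # Outside-to-inside packet; the ACL permits any source to the inside net.
        dst = ipaddress.ip_address(dst)
        if dst not in self.inside:
            return False
        if any(dst in net for net in self.static_nets):
            return True
        created = self.dynamic.get(dst)
        return created is not None and now - created < self.timeout

def demo():
    fw = XlateModel()
    results = [fw.inbound("192.168.0.1", now=0)]             # no xlate yet
    fw.outbound("192.168.0.1", now=10)
    results.append(fw.inbound("192.168.0.1", now=20))        # xlate present
    results.append(fw.inbound("192.168.0.1", now=10 + 10800))  # xlate timed out
    fw.add_static("192.168.0.0/24")
    fw.clear_xlate()
    results.append(fw.inbound("192.168.0.2", now=99999))     # static entry
    return results

if __name__ == "__main__":
    print(demo())
```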
