Saturday, August 01, 2009

firewall-wizards Digest, Vol 40, Issue 1

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. 2 PIXes with their interfaces sharing the same switch and on
the same VLAN. (Rudy Setiawan)


----------------------------------------------------------------------

Message: 1
Date: Sat, 1 Aug 2009 08:19:13 +0700
From: Rudy Setiawan <rudal@online.rudal.com>
Subject: [fw-wiz] 2 PIXes with their interfaces sharing the same
switch and on the same VLAN.
To: firewall-wizards@listserv.icsalabs.com
Message-ID:
<79b6f8780907311819rca6cefi4631333e6e68132f@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi all,

I have a problem that I need some solution/advice for :)

I have two PIXes:
* PIX A WAN is connected to Provider A
* PIX B WAN is connected to Provider B
* PIX A inside interface has the IP address of 10.15.1.1
* PIX B DMZ interface has the IP address of 10.15.1.2
* PIX B inside interface has the IP address of 10.17.1.1
* Subnet mask for all of the IP addresses is 255.255.0.0 or /16

I disabled nat by way of nat 0 access-list on both PIXes and the interfaces
as well (except the WAN).
I have an "ip permit any any" applied to all interfaces except the WAN.

A user with IP 10.17.1.2, who has a gateway of 10.17.1.1, is able to ping a
server at 10.15.1.10 (the server has a gateway of 10.15.1.1) but is unable to
ssh to the server.
But if I change the gateway of the server to 10.15.1.2, then the user is
able to ssh to the server.

What am I doing wrong here?

Thank you so much in advance for the help.

Regards,
Rudy

------------------------------



End of firewall-wizards Digest, Vol 40, Issue 1
***********************************************