Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Ping between PIX remote peers

From: "Horvath, Kevin M." <KEVIN.M.HORVATH () saic com>
Date: Thu, 4 May 2006 10:04:22 -0400

yes you can but it will not work for this.  This is usually used for DNS
doctoring but if it is coming from another interface then it can be used for
dnat.  Not seeing what the original question is below I am assuming it
regarding site to site ipsec tunnels.  What Brian said below is correct
about the operation of the pix.  Once again not seeing the original question
it doesnt make any sense why you are trying to traverse the tunnels from the
51 net to access the 50 net if the 50 net is behind the same pix.  I am sure
this is not the scenario so if someone could forward the orginal question I
can take a look.  Thanks.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com on behalf of Brian Loe
Sent: Tue 5/2/2006 12:06 PM
To: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Ping between PIX remote peers
 
Can you alias a network?

On 4/26/06, Utz, Ralph <rutz () realtime-it com> wrote:

Based exactly as you have diagrammed, your setup will not work. You will
not be able to ping from end point to end point. The reason is because
the PIX will not send traffic out the same interface it came in on. In
this scenario, traffic from 192.168.51.0 is coming into the PIX on
interface0 and needs to go back out interface0 to get to 192.168.50.0
By design, the PIX will not pass this traffic.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: