Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2 pix's on the same subnet

Status
Not open for further replies.
optize

optize

IS-IT--Management
Jun 9, 2006
20
US
I have two different PIX firewalls (two completely different networks) on the same /27.

From pix 1, I can't ping anything on pix 2
From pix 2, I can't ping anything on pix 1.

I can however ping my default gateway, I can ping the other pix, I can ping everything else except the static mappings behind that pix.

It's very strange. It will ping once and then die. It will continue to do that if I continue to clear arp. Ping once, die, clear arp, ping once, die. Etc.

I don't have any IP conflicts. My only guess is the pix is seeing traffic from it's own subnet coming into the pix and rejects it.

If you have any ideas, please help!

Thanks.

 
Sort by date Sort by votes
At a quick glance, it sounds like a subnetting issue. Please verify correct subnets and masks on both PIXes and all machines. Could you supply an example of the ip address and subnet mask of one machine on each LAN and both PIXes?
 
Upvote 0 Downvote
It's very weird.

I found out I can ping .80, .81, and .82 of that block but nothing else. If I ping anything lower, I get the following:

[14:43] optize: 38: arp-in: response at outside from 216.207.124.67 000c.8543.6035 for x.x.124.83 000a.f4d5.f5b2
39: arp-set: added arp outside x.x.124.67 000c.8543.6035
40: arp-send: sending all saved block to outside 216.207.124.67
41: arp-in: response at outside from x.x.124.67 000f.f7f3.fbc0 for x.x.124.83 000a.f4d5.f5b2
42: arp-in: collision response received at outside from x.x.124.67/000f.f7f3.fbc0 for x.x.124.83 000a.f4d5.f5b2

When I ping .81, I get the ARP of

outside x.x.124.81 000c.8543.6035

That's the correct mac address, I don't know where it's getting that other mac from, I checked the routers and it doesn't exist.

Subnets are the same.

 
Upvote 0 Downvote
I am not understanding the question. Are the networks the same (10.10.10.0/24 and 10.10.10.0/24) or are they seperate? Your configs and NAT statements would help.



Brent
Systems Engineer / Consultant
CCNP
 
Upvote 0 Downvote
Could you supply the ip info including subnet mask. I am only interested in the last octet. (pix a =x.x.x.80 255.255.255.248)
 
Upvote 0 Downvote
pix a - .33 255.255.255.224
pix b - .83 255.255.255.224

they are both 192.168.100.0/24 on the backend.
 
Upvote 0 Downvote
If you are trying to ping public IPs and that is not working, then we need to see the PIX configs. If you are trying to ping private IPs, that will pose a problem as 192.168.100.1 will never go to its gateway to ping 192.168.100.x.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
776
Sameer258
Sameer258
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
578
nnaarrnn
nnaarrnn
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
180
Russtoleum
Russtoleum
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
189
PauS0n
PauS0n
mcisar
  • Locked
  • Question
Disable CHAP on PPPoE WAN connection
Replies
0
Views
194
mcisar
mcisar

Part and Inventory Search

Sponsor

Back
Top