New to this, getting "Deny IP Spoof" message

[themikehyde]

Hello all,
I am in the process of replacing our old firewall with a new PIX 515E UR, with the optional PIX-4FE card.

I can ping both an IP inside, and the router outside from the FW ok.

When I attempt to ping the outside address, or the router from a system inside, I get a "106016: Deny IP Spoof from (router Ip address) to (The public IP picked up by NAT for the system inside) on interface outside."

Any help would be greatly appeciated, since I am new to the Cisco products.

Thanks,
Mike

 

[yizhar]

HI.

Please post your config -
See some tips on how to mask private info here:
thread35-475373

As you can see here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/syslog/index.htm

The problem might be misconfiguration of ip addressing and subnets.
Do you have different subnets for both sides of the pix?
No overlapping?

Try telnet to the router instead of ping. What do you get?

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[themikehyde]

Yizhar,
Thanks for the tip. Yes, I did mess up a calculation on the subnet masks. I got that fixed, can ping out now and get to the web from inside. Now its off to work on putting a web server in the dmz.
Thanks,
Mike