Subnet connect via pix

leoMysta · May 22, 2003

I have a problem access subnet to subnet, which is setup through a pix 515 ...

I can ping and see server from x.x.1.1 (inside/security 100) subnet to x.x.50.1 (company A / security 40) but not the other way around ...

baddos · May 23, 2003

That's because (company A / security 40) < (inside/security 100).

In order for a lower security interface to access a higher security interface, you need to have an access-list or conduit list permitting the desired traffic.

yizhar · May 25, 2003

HI.

You need to add something like this:

access-list nonatinside permit ip x.x.1.0 255.255.255.0 x.x.50.0 255.255.255.0
nat (inside) 0 access-list nonatinside

OR - you can use static instead of the above:
static (inside,???) x.x.1.0 x.x.1.0 255.255.255.0
(I preffer the nat 0 method).

And in addition you need this:

access-list remotenet permit ??? x.x.50.0 255.255.255.0 x.x.1.0 255.255.255.0
access-group remotenet in interface ???

Bye

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

leoMysta · May 30, 2003

Thanx .... that sorted it out.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Subnet connect via pix

leoMysta

Technical User

baddos

MIS

yizhar

MIS

leoMysta

Technical User

Similar threads

Part and Inventory Search

Sponsor