I am trying to set up a failover scenario using a CSS, but the basic connectivity is a problem right now.
The physical connections are shown in the attached document.
Normal operation has the customers accessing the HTTPS server from the HQ site from the Internet and that is working fine.
The idea is to have the CSS redirect the traffic to the DR HTTPS server if there is a failure of the HQ server. I have the address on the remote DR site statically mapped in the HQ 525 firewall and have allowed HTTP and HTTPS. I can ping it from the Internet, but I cannot access the DR HTTPS page from the HQ internet.
I can access the DR HTTPS page from the HQ internal network, which makes me think there is an access-list problem somewhere.
1. Since my attempted connections to the DR HTTPS server will be coming from the inside interface to a DMZ interface on the DR PIX, and since the security levels are from a more secure (inside) to less secure (DMZ), should I be able to make this connection with no problem?
2. There is an access-list applied inbound to the DMZ1 interface on the DR PIX. Do I have to allow connections from the remote site in this list?
3. If so, which source should I make it?