Help Required - Security Context issues

Unanswered Question
Apr 26th, 2008

Hi Techies,


I have been assigned a project for setting up the security contexts on a PIX firewall.


Please see the below tech details:


I have created two contexts, i.e. Admin & CustA. I have decided to share the Outside interface between the two contexts. I have enabled 'mac-address auto' on the PIX firewall to avoid conflicts between ARP requests. Also, both the physical ports on the L2 switches are configured in trunk mode.


Sh run for Admin Context:


interface inside
 nameif inside
 security-level 100
 ip address 10.126.1.17 255.255.255.0
!
interface outside
 nameif outside
 security-level 0
 ip address 10.10.10.200 255.255.255.0

access-list outside_access_in extended permit icmp any any
global (outside) 1 interface
nat (inside) 1 10.126.1.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.10.10.2 1


Sh run for CustA Context:


interface E_inside
 nameif inside
 security-level 100
 ip address 10.126.6.250 255.255.255.0
!
interface E_outside
 nameif outside
 security-level 0
 ip address 10.10.10.201 255.255.255.0

access-list outside_access_in extended permit icmp any any
global (outside) 1 interface
nat (inside) 1 10.126.6.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.10.10.2 1


Problems:


I am able to ping the 10.126.1.X network from the CustA context. However, I am not able to ping the 10.126.6.X network from the Admin context.

I am able to surf the Internet from the Admin context, i.e. from the 10.126.1.X network. However, the DNS server resides on the 10.126.1.X network, and hence I am not able to resolve DNS requests from the CustA context.



Could someone please help me to resolve the above mentioned problem? Let me know if anybody requires any additional information.


Thanks,


JBP


smalkeric Mon, 05/05/2008 - 06:28

Could you try it without the interface names in the security context?
