I am hoping someone can help me figure this out. We have an internal client which needs to be accessed from the Internet through our PIX Firewall. The client has an internal IP address in the range of 192.168.x.x (static). We also have an external address configured to forward to the internal client at 192.168.x.x. My problem is that we have redundant firewalls, so we basically have two paths in, but internally our router may send the traffic back out either firewall if it does not know where the traffic was initiated from or only sees an Internet source IP, so it does not necessarily go back to the firewall it came in through.
This causes the packets to be dropped. Is there a way to configure the firewall so that when it forwards the packets, the packet carries TCP information about which firewall it traversed? That way the router on the inside would know to send it back to the same firewall.
Hopefully this does not sound too confusing.
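As an added example, not part of the post or of any reply, here is a small Python model of the asymmetric-return problem the post describes: two stateful firewalls in front of one inside router, where the router picks the exit firewall by destination only. It also shows the assumed, commonly used remedy of source-NATting inbound connections to the entry firewall's own inside address so the server's reply is routed back through the firewall that holds the state; that remedy is an assumption of this example, not something the post states, and every address, port and name is constructed.

```python
"""Model of asymmetric return through redundant stateful firewalls.

An inbound connection builds state on the firewall it enters through.
If the inside router's default route sends the server's reply out the
other firewall, that firewall has no matching state and drops it.
Source NAT on the entry firewall pins the return path (assumed remedy).
All addresses are constructed (RFC 5737 / RFC 1918 ranges)."""

from dataclasses import dataclass

CLIENT = "203.0.113.10"          # constructed Internet client
PUBLIC_SERVER = "198.51.100.80"  # constructed public address of the server
SERVER = "192.168.10.50"         # constructed internal address of the server
STATIC = {PUBLIC_SERVER: SERVER} # static inbound mapping public -> internal


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class Firewall:
    """Stateful firewall with a static inbound mapping and optional SNAT."""

    def __init__(self, name, inside_ip, snat=False):
        self.name = name
        self.inside_ip = inside_ip
        self.snat = snat
        # reply key (src, dst, sport, dport) -> (public ip, original client)
        self.state = {}

    def inbound(self, pkt):
        """Internet -> inside: rewrite destination, optionally source,
        and record the reply we expect to see on the inside."""
        internal = STATIC[pkt.dst]
        src = self.inside_ip if self.snat else pkt.src
        reply_key = (internal, src, pkt.dport, pkt.sport)
        self.state[reply_key] = (pkt.dst, pkt.src)
        return Packet(src=src, dst=internal, sport=pkt.sport, dport=pkt.dport)

    def outbound(self, pkt):
        """Inside -> Internet: forward (and un-NAT) only with matching state."""
        entry = self.state.get((pkt.src, pkt.dst, pkt.sport, pkt.dport))
        if entry is None:
            return None  # no state on this firewall: packet dropped
        public, client = entry
        return Packet(src=public, dst=client, sport=pkt.sport, dport=pkt.dport)


class InsideRouter:
    """Routes by destination only; anything not on a directly known
    network (the Internet) follows a single default route."""

    def __init__(self, firewalls, default):
        self.by_inside_ip = {fw.inside_ip: fw for fw in firewalls}
        self.default = default

    def route(self, pkt):
        return self.by_inside_ip.get(pkt.dst, self.default)


def server_reply(pkt):
    """The server answers whatever source it saw."""
    return Packet(src=pkt.dst, dst=pkt.src, sport=pkt.dport, dport=pkt.sport)


def simulate(entry_name, default_name, snat):
    """Inbound packet enters via entry_name; the inside router's default
    route points at default_name. Returns (exit firewall, reply delivered)."""
    fws = {
        "FW-A": Firewall("FW-A", "192.168.1.1", snat),
        "FW-B": Firewall("FW-B", "192.168.1.2", snat),
    }
    router = InsideRouter(fws.values(), fws[default_name])
    syn = Packet(src=CLIENT, dst=PUBLIC_SERVER, sport=40000, dport=443)
    inside_pkt = fws[entry_name].inbound(syn)
    reply = server_reply(inside_pkt)
    exit_fw = router.route(reply)
    delivered = exit_fw.outbound(reply)
    return exit_fw.name, delivered is not None and delivered.dst == CLIENT


if __name__ == "__main__":
    print("symmetric, no SNAT :", simulate("FW-A", "FW-A", False))
    print("asymmetric, no SNAT:", simulate("FW-A", "FW-B", False))
    print("asymmetric, SNAT   :", simulate("FW-A", "FW-B", True))
```

The second case reproduces the drop in the post: the reply's destination is the Internet client, so the router uses its default route and the packet hits the firewall with no state. With SNAT the server sees the entry firewall's inside address as the source, so the reply is routed to that firewall by ordinary destination-based routing, at the cost of the server no longer logging the real client address.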