
2-nodes inside the firewall

Unanswered Question
Oct 14th, 2002

I have a PIX 515. The problem is that all nodes configured inside are working fine with the outside (internet), but when I try to connect (ping one node from another node, both are inside) I couldn't...

Host 1 and Host 2 : are inside ( and

Host 1 can ping outside (internet) but can't connect to Host 2, and the same for Host 2.

Is there any special configuration needed?

steve.barlow Mon, 10/14/2002 - 04:52

As they are both on the inside it shouldn't have anything to do with the PIX, shouldn't even go to the PIX. Are they on a switch, as ARP should take care of this. Packets won't go to the gateway if they have the same subnet (ANDing process decides if they are on the same subnet). Look at your switch to see if they are on the same VLAN, same subnet mask, if the switch sees the MACs (which I am sure it does as they can connect to the internet) etc. It is a LAN issue, not PIX.


selba2008 Mon, 10/14/2002 - 06:39

Thx Steve, they are in the same subnet, and they can see each other without going to the firewall, but the problem is I try to telnet its real IP 212.23.45.xx .. ( = 212.23.45.xx ) when I try to telnet 212.23.45.xx it couldn't. But when I try to telnet another IP not in the firewall it works fine (telnet 212.23.45.xx is OK).

But the problem is that Host 1 should go to Host 2 through the firewall, since Host 1 is an e-mail forwarder.

Is the problem since the 2 hosts have the same MAC address, which is the MAC address of the PIX?

steve.barlow Mon, 10/14/2002 - 07:12

So you want the data path to be: host1---in_pix_inside---out_pix_inside---host2.

I am 99% sure you can't do that, the PIX can't receive packets, translate them, and send them out the same interface they were received on.

I think your workarounds are to move the hosts to different interfaces of the PIX (example DMZ and inside) or telnet/send packets via the real IP (eg

Hope it helps.
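
Added example, not part of the original thread: a small path classifier that applies the "ANDing process" from the first reply and then flags the case the last reply describes, where an inside host targets another inside host by its translated address and the firewall would have to send the packet back out the interface it arrived on. The addresses, the NAT table and the function names are constructed for illustration, since the thread's real addresses are elided.

```python
import ipaddress

# Constructed sample addressing (assumption: the thread's real values are elided).
INSIDE_NETMASK = "255.255.255.0"
STATIC_NAT = {  # translated (global) address -> real (local) address
    ipaddress.ip_address("203.0.113.11"): ipaddress.ip_address("192.168.1.11"),  # Host 1
    ipaddress.ip_address("203.0.113.12"): ipaddress.ip_address("192.168.1.12"),  # Host 2
}


def same_subnet(a, b, netmask):
    """ANDing process: two addresses are on-link if (addr AND mask) matches."""
    mask = int(ipaddress.ip_address(netmask))
    return (int(a) & mask) == (int(b) & mask)


def classify_path(src, dst, netmask=INSIDE_NETMASK):
    """Return how a packet from an inside host reaches dst.

    direct       - same subnet, resolved by ARP on the LAN, firewall never sees it
    hairpin      - dst is a translated address whose real host sits on the
                   sender's own subnet, so the firewall would have to translate
                   and forward out the interface the packet came in on
    via-firewall - ordinary off-subnet traffic sent to the default gateway
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if same_subnet(src, dst, netmask):
        return "direct"
    real = STATIC_NAT.get(dst)
    if real is not None and same_subnet(src, real, netmask):
        return "hairpin"
    return "via-firewall"


if __name__ == "__main__":
    host1 = "192.168.1.11"
    for target in ("192.168.1.12", "203.0.113.12", "198.51.100.7"):
        print(f"{host1} -> {target}: {classify_path(host1, target)}")
```
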


