I have an existing PIX 515 failover pair. I am installing a second circuit (more bandwidth needed) and will be using a second PIX 515 failover pair. Both outside interface IPs will be in different networks eventually. Both inside interfaces will be in the same network (x.x.x.16 255.255.255.240). I need to keep the inside firewalls on the same network if possible, but testing did not allow traffic to pass on PIX-2. (Testing was done with outside networks in the same network on 1 ISP link. This worked through a small Linksys router, but not on the PIX.) Any advice would be appreciated. I am assuming there is a conflict on the PIX due to them both advertising or being in the same networks (x.x.x.16 /27 inside and x.x.x.0 /27 outside) and connected to them.
Yes, traffic from outside for the public IP 2x.2x.123.0 has to flow through the PIX2. I am assuming our service provider is now routing all to PIX-1 and, once the 2nd circuit is installed, will route networks accordingly.
There is no router on the outside of either PIX, only the service provider ONU. I think the reason it will not work is that they route everything to PIX-1. I will wait for the 2nd circuit to be installed to test again. Thanks!