Not much firewall experience, so I'm looking for some assistance. I have a PIX 535 running 8.0 in single context mode. I created multiple subinterfaces for my guest users. Each interface is a separate subnet with an interface security level of 90. I also have a subinterface with a higher security level of 95, which is a management interface/subnet where my web filtering server sits.
The way it works is all the traffic comes into a switch, where it is trunked to the firewall. I have a TAP set up on the interface to the firewall that inspects traffic and sends it to the URL filter. I have a separate trunk port on the same switch to the web filter server itself. The web filter sees the traffic coming from the TAP and attempts to send the block page via the trunk port, but it cannot reach the devices on the other interfaces at all. I have an ACL set up on the inside of the management subinterface to allow IP traffic from the URL filter to all of my subnets where guest access resides.
Any ideas? I'm not doing any NATing internally, only a global PAT on the outside. It seems like I can't get the interfaces to talk to each other. So if I'm on one subnet I can't communicate with the other subnet, which is OK. I really want the management subnet to be able to talk to all of the other subnets.
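The topology the post describes, written out as an added PIX 7.x/8.0-style configuration. This is not the poster's config: the interface names, VLAN IDs, subnets and the filter server address (10.0.10.5) are all assumed. It also lists the two checks a firewall engineer would run first on this code train, because both are easy to miss when "no NAT internally" is the intent.

```text
! Added example, not the poster's configuration. Interface names, VLAN IDs,
! subnets and the filter server address (10.0.10.5) are assumptions.
interface GigabitEthernet1.10
 vlan 10
 nameif mgmt
 security-level 95
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet1.20
 vlan 20
 nameif guest1
 security-level 90
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet1.30
 vlan 30
 nameif guest2
 security-level 90
 ip address 10.0.30.1 255.255.255.0
!
! Guest subnets grouped so each ACL rule stays one line.
object-group network GUEST-NETS
 network-object 10.0.20.0 255.255.255.0
 network-object 10.0.30.0 255.255.255.0
!
! Inbound ACL on mgmt. Once an ACL is bound to an interface the implicit
! permit from higher to lower security level no longer applies; only what
! the ACL permits passes, so the filter server must be listed explicitly.
access-list MGMT-IN extended permit ip host 10.0.10.5 object-group GUEST-NETS
access-group MGMT-IN in interface mgmt
!
! Check 1: nat-control. If it is enabled (common on boxes upgraded from 6.x),
! higher-to-lower traffic is dropped unless a NAT rule covers it, even when
! no address translation is wanted. An identity rule satisfies it:
!   show running-config | include nat-control
!   access-list MGMT-NONAT extended permit ip 10.0.10.0 255.255.255.0 object-group GUEST-NETS
!   nat (mgmt) 0 access-list MGMT-NONAT
!
! Check 2: trace a block-page packet exactly as it arrives on mgmt
! (10.0.20.50 is an assumed guest client):
!   packet-tracer input mgmt tcp 10.0.10.5 1024 10.0.20.50 80
```

One caveat worth testing with that packet-tracer line: TAP-based filters often inject the block page with the web server's address as the source rather than their own. If this filter does, a rule that permits only `host 10.0.10.5` never matches, and the PIX will in any case drop the packet because the guest's connection to that server expects its return traffic on the outside interface, not on mgmt. Rerun the trace with the spoofed source and the original destination port to see which phase drops it.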