I'm currently bringing together my three management networks. Network 1 (with real IP addresses, hereby named RealNet) is already behind the firewall on the inside interface with security level 100. Working like a charm.
The two other nets are 172.16.17.0/24 (Fake2, situated on eth2) and 172.16.18.0/24 (Fake3, situated on eth3).
What I want to do is access Fake2 and Fake3 from RealNet. All three interfaces have security level 100, but I can't seem to contact my hosts on Fake2 & Fake3 at all. I've tried to set up some form of NAT, just to try that, but shouldn't my PIX recognize all its nets? I'll post my config along, without any access rules, since they only apply from the outside interface -> RealNet. Does anyone see any obvious faults?
fw# sh run
PIX Version 7.2(1)
ip address 90.xxx.90.2 255.255.255.192
ip address 90.xxx.85.1 255.255.255.192
ip address 172.16.17.1 255.255.255.0
ip address 172.16.18.1 255.255.255.0
no ip address
no ip address
ftp mode passive
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging buffered debugging
logging trap warnings
logging asdm informational
mtu mng_outside 1500
mtu RealNet 1500
mtu Fake2 1500
mtu Fake3 1500
icmp deny any echo mng_outside
asdm image flash:/asdm-521.bin
no asdm history enable
arp timeout 14400
global (mng_outside) 1 interface
nat (Fake3) 1 172.16.18.0 255.255.255.0
access-group outside_access_in_1 in interface mng_outside
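For reference, here is an added example (not the poster's config and not from anyone in this thread) of how traffic between same-security interfaces is usually exempted from NAT on PIX 7.x, followed by the packet-tracer check used to verify it. It assumes RealNet is the 90.xxx.85.0/26 interface (the second "ip address" line above), that nat-control is in effect so a translation is required even between security-level-100 interfaces, and that the "90.xxx" octet is a placeholder to be replaced with the real value; the host addresses in the trace are made up.

```cisco
! Added example, not the original config. Assumes RealNet = 90.xxx.85.0/26
! ("xxx" is a placeholder) and that nat-control is enabled.
! With nat-control on, RealNet -> Fake2/Fake3 needs a translation even at equal
! security level; nat 0 with an access-list exempts that traffic from NAT
! (identity translation) and takes precedence over the "nat ... 1" rules.
access-list RealNet_nat0 extended permit ip 90.xxx.85.0 255.255.255.192 172.16.17.0 255.255.255.0
access-list RealNet_nat0 extended permit ip 90.xxx.85.0 255.255.255.192 172.16.18.0 255.255.255.0
nat (RealNet) 0 access-list RealNet_nat0
!
! Same exemption in the other direction, so Fake2/Fake3 hosts can also open
! connections towards RealNet without a global pool on RealNet.
access-list Fake2_nat0 extended permit ip 172.16.17.0 255.255.255.0 90.xxx.85.0 255.255.255.192
nat (Fake2) 0 access-list Fake2_nat0
access-list Fake3_nat0 extended permit ip 172.16.18.0 255.255.255.0 90.xxx.85.0 255.255.255.192
nat (Fake3) 0 access-list Fake3_nat0
!
! Verification (constructed host addresses): trace a telnet SYN from a RealNet
! host to a Fake2 host; every phase, the NAT phase in particular, should show ALLOW.
packet-tracer input RealNet tcp 90.xxx.85.10 1025 172.16.17.10 23
! Inspect the translations that resulted and the NAT rules in effect.
show xlate
show running-config nat
```

If packet-tracer reports ALLOW in every phase but real connections still fail, the firewall is usually no longer the problem: check that the hosts on Fake2 and Fake3 use the PIX address on their segment (172.16.17.1 / 172.16.18.1) as their gateway for the RealNet prefix, and that no host firewall on those machines is dropping the inbound SYN.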
Sorry for posting so late, I had to put it away for some time. Other stuff to do.
Well, now I've tried your two lines (and I've removed my other NAT rules, just to rule out other problems with it). I do a packet trace, and a telnet packet from RealNet to Fake1 works (finds no errors). But I can't connect to anything on any of those two networks...
I just replaced some of the lines with the following: