This is a long one and I apologize if it seems rather simple, but I need some help.
We have a single 2620 router and 2 PIX firewalls behind it, one with 2 interfaces (Pix02) and one with 3 interfaces (Pix01). The networks are all subnetted from a single Class A address given to us by our ISP. I will explain using a different IP address space.
ISP assigned address space 220.127.116.11 (Class A address used as Class C address)
Please tell me this makes sense to someone besides me. I inherited this system and added the second Pix to split up our network for certain reasons. My first question is, is this a smart way to do things? I did not get the 4th interface for our first Pix because we had another Pix just lying around. In most architectures I have looked at, there aren't 2 Pixes behind a single router unless they are being load balanced or used for failover. Being that this is still a learning process for me, I feel unsure about the foundation of our setup.
My second question relates to communication to and from Pix02. I am attempting to use an SSH client to manage Pix02 from behind Pix01. To explain, I have a network management station at 18.104.22.168 (Pix01 inside) that I use to SSH to Pix01. This is not a problem, it works great, but no matter what I allow in or out, I cannot SSH to Pix02. There are also no syslog errors or warnings coming from Pix01 when attempting to communicate with Pix02. Is this due to some underlying rule that doesn't allow SSH to an outside interface of a Pix, or am I just not setting up the Pixes properly?
I have done:
Got DES keys for both Pix's
ca generate rsa key 1024 (on both)
Pix01: no access list is necessary since I am accessing it from the inside
access-list outside_acl permit tcp host 22.214.171.124 any eq ssh
access-group outside_acl in interface outside
ssh 126.96.36.199 255.255.255.255 outside
Is there something I am missing? I can reach Pix01 from the management station, just not Pix02. Any help is greatly appreciated. Sorry about the length of this post, I just felt it necessary to give as much information as I can.
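One thing worth checking when a PIX refuses a management session is which source address the `ssh <ip> <mask> <interface>` statement actually matches. That statement governs sessions terminating on the firewall itself, and it is evaluated against the source address as it arrives on the named interface; an interface ACL such as outside_acl governs traffic passing through the box, not sessions to it. If Pix01 translates the management station's address on its way out (an assumption about this setup, not something the post states), Pix02 sees the translated address rather than the original host address. The small checker below is an added example, not code from the post or from Cisco; it parses the `ssh` lines from a constructed copy of the Pix02 configuration shown above and reports whether a given source address on a given interface would be permitted. The translated address 198.51.100.1 is a constructed placeholder.

```python
import ipaddress

# Constructed sample mirroring the Pix02 management-plane lines in the post.
PIX02_CONFIG = """\
access-list outside_acl permit tcp host 22.214.171.124 any eq ssh
access-group outside_acl in interface outside
ssh 126.96.36.199 255.255.255.255 outside
"""


def parse_ssh_rules(config: str):
    """Return (network, interface) tuples from PIX `ssh <ip> <mask> <iface>` lines.

    Interface ACL lines are deliberately ignored: they control traffic
    forwarded through the firewall, not SSH sessions addressed to it.
    """
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "ssh":
            # The PIX syntax uses a dotted mask; ip_network accepts "addr/mask".
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
            rules.append((net, parts[3]))
    return rules


def ssh_permitted(config: str, source_ip: str, interface: str) -> bool:
    """True if an SSH session from source_ip arriving on interface matches a rule."""
    src = ipaddress.ip_address(source_ip)
    return any(src in net and iface == interface
               for net, iface in parse_ssh_rules(config))


if __name__ == "__main__":
    # The management station as listed in the ssh statement: permitted.
    print(ssh_permitted(PIX02_CONFIG, "126.96.36.199", "outside"))
    # Same host, but the session would have to arrive on "outside", not "inside".
    print(ssh_permitted(PIX02_CONFIG, "126.96.36.199", "inside"))
    # Hypothetical translated source (placeholder address): not permitted,
    # because no ssh statement covers it.
    print(ssh_permitted(PIX02_CONFIG, "198.51.100.1", "outside"))
```

Running the checker against the real source address that Pix02 observes (for example from a `debug ssh` or syslog line on Pix02, or from Pix01's translation table) tells you whether the `ssh` statement or the address seen on the wire is the mismatch, before any ACL is touched.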