Cisco Support Community
Community Member

2-nodes inside the firewall

I have a PIX 515. The problem is that all nodes configured inside are working fine with the outside (internet), but when I try to connect (ping) from one node to another node (both are inside), I can't.

Host 1 and Host 2 are inside (10.10.10.1 and 10.10.10.2).

Host 1 can ping the outside (internet) but can't connect to Host 2, and the same for Host 2.

Is there any special configuration needed?

3 REPLIES

Re: 2-nodes inside the firewall

As they are both on the inside it shouldn't have anything to do with the PIX, it shouldn't even go to the PIX. Are they on a switch, as ARP should take care of this? Packets won't go to the gateway if they have the same subnet (the ANDing process decides if they are on the same subnet). Look at your switch to see if they are on the same VLAN, same subnet mask, if the switch sees the MACs (which I am sure it does as they can connect to the internet) etc. It is a LAN issue, not PIX.

Steve

Community Member

Re: 2-nodes inside the firewall

Thanks Steve, they are in the same subnet, and they can see each other without going to the firewall, but the problem is when I try to telnet to its real IP 212.23.45.xx (10.10.10.2 = 212.23.45.xx). When I try to telnet to 212.23.45.xx it couldn't, but when I try to telnet to another IP not in the firewall it works fine (telnet 212.23.45.xx is ok).

But the problem is that Host 1 should go to Host 2 through the firewall, since Host 1 is an e-mail forwarder.

Is the problem that the 2 hosts have the same MAC address, which is the MAC address of the PIX?

Re: 2-nodes inside the firewall

So you want the data path to be: host1---in_pix_inside---out_pix_inside---host2.

I am 99% sure you can't do that, the PIX can't receive packets, translate them, and send them out the same interface they were received on.

I think your workarounds are to move the hosts to different interfaces of the PIX (for example DMZ and inside) or telnet/send packets via the real IP (e.g. 10.10.10.2).

Hope it helps.

Steve
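The two decisions discussed in this thread, as an added example that is not part of any poster's reply: the sending host's ANDing step, then the firewall's handling of a packet aimed at a translated address. The /24 mask, the gateway 10.10.10.254, the `trace` helper and 203.0.113.10 (standing in for the elided 212.23.45.xx) are assumptions, and the drop rule models only what the reply above states.

```python
import ipaddress

def same_subnet(src, dst, mask):
    """The ANDing step: both addresses ANDed with the mask give the same network."""
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(src)) & m == int(ipaddress.IPv4Address(dst)) & m

def host_next_hop(src, dst, mask, gateway):
    """Where the sender puts the frame: ARP for dst directly, or hand it to the gateway."""
    return dst if same_subnet(src, dst, mask) else gateway

def trace(src, dst, mask, gateway, static_nat, inside_net):
    """Return (next_hop, verdict) for one packet sent by an inside host.

    static_nat maps public address -> inside address (constructed values).
    Assumption taken from the reply: the firewall does not translate a
    packet and send it back out the interface it arrived on.
    """
    hop = host_next_hop(src, dst, mask, gateway)
    if hop != gateway:
        return hop, "direct on the LAN, firewall not involved"
    real = static_nat.get(dst)
    if real and ipaddress.ip_address(real) in ipaddress.ip_network(inside_net):
        return hop, "hairpin: ingress and egress are both inside, dropped"
    return hop, "forwarded out the outside interface"

# Constructed values, not taken from the poster's configuration.
MASK, GW, INSIDE = "255.255.255.0", "10.10.10.254", "10.10.10.0/24"
NAT = {"203.0.113.10": "10.10.10.2"}

if __name__ == "__main__":
    for dst in ("10.10.10.2", "203.0.113.10", "198.51.100.7"):
        print(dst, "->", trace("10.10.10.1", dst, MASK, GW, NAT, INSIDE))
```
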
