Can PIX allow inbound connection with same Network as inside
I have a situation with an office attached to our internal network via a T/3 and sharing the same internal IP address space. Both offices have different ISPs. I also have a test web server on our internal network and it is being statically assigned an external IP address from our pool at office A. The problem I am having is with office B trying to get to that external IP address from their ISP. Is the firewall blocking this?
Re: Can PIX allow inbound connection with same Network as inside
You'll have to look at the PIX logs to see if the packet is arriving at the outside interface of the PIX. The easiest way to do this is to turn on debug icmp and ping the static IP address from the remote site. If you see ICMP packets in the debug, dig further into the debugging syslog files to see what is being denied. I assume you've set up a conduit allowing these packets in. If the source IP address on the remote site is on the same network as the inside network, your host inside will assume the packet came from one of the hosts on its own wire and will never use the gateway (PIX) to return the packet to the remote site. Consider using RFC 1918 reserved network addresses internally.
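
The return-path behaviour described in the reply above, as an added example that is not part of the original thread: it models how an inside host chooses between its local wire and the PIX for a reply, and checks two sites for shared address space. All addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges, as suggested in the reply for internal addressing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def return_path(host_iface: str, gateway: str, reply_dst: str) -> str:
    """Where an inside host sends a reply, following the usual on-link test."""
    iface = ipaddress.ip_interface(host_iface)
    if ipaddress.ip_address(reply_dst) in iface.network:
        # Destination looks local: the host ARPs on its own wire and the
        # reply never reaches the firewall, so the session cannot complete.
        return "on-link"
    return f"via {gateway}"

def overlapping(site_a, site_b):
    """Pairs of prefixes from two sites that share address space."""
    a = [ipaddress.ip_network(n) for n in site_a]
    b = [ipaddress.ip_network(n) for n in site_b]
    return [(str(x), str(y)) for x in a for y in b if x.overlaps(y)]

def is_rfc1918(prefix: str) -> bool:
    """True if the prefix sits entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(r) for r in RFC1918)

if __name__ == "__main__":
    # Constructed sample: web server and PIX inside interface at office A.
    server, pix_inside = "198.51.100.10/24", "198.51.100.1"
    # Constructed sources: an office B host (same space) and an Internet host.
    for src in ("198.51.100.77", "203.0.113.5"):
        print(f"reply to {src}: {return_path(server, pix_inside, src)}")
    print("shared space:", overlapping(["198.51.100.0/24"], ["198.51.100.0/25"]))
    print("inside is RFC 1918:", is_rfc1918("198.51.100.0/24"))
```
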