ping from one interface with 10.0.x.x addresses to others
I have a problem with machines on other interfaces with routable addresses being able to see machines on another interface with non-routable addresses. They can't ping the non-routable ones until the non-routable ones ping them, and then they can ping 10.0.0.x addresses. I have them all using the same address when they traverse the interfaces. Is there anything I can do except force the clients to ping before doing anything? I am trying to move machines to a new domain and it doesn't work until they ping the AD domain controller. It is a Pix 515e unrestricted running 6.2(2)
Re: ping from one interface with 10.0.x.x addresses to others
There are a variety of ways to create translation slots through a PIX, which is what allows traffic to pass from less to more secure interfaces. nat 0 can do this, but can cause the behaviour you see, as those slots created as a result are only temporary. The static command will create permanent slots for less secure interfaces to talk to higher security ones (so long as access-lists or conduit commands permit access though).
You probably need to add a static command for the higher security interface ip addresses.
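
The identity static suggested in the reply, shown beside the nat 0 behaviour it replaces. This is an added example, not configuration from either poster. The interface names `inside` and `dmz`, the ACL name `dmz_in` and the host 10.0.0.10 are assumptions made for illustration.

```cisco
: Assumed layout: "inside" (higher security) holds 10.0.0.0/24,
: "dmz" (lower security) holds the hosts with routable addresses.

: Before: identity NAT only. A translation slot exists only after an
: inside host has sent traffic, and it ages out again, so dmz hosts
: cannot open a connection to 10.0.0.x on their own.
nat (inside) 0 10.0.0.0 255.255.255.0

: After: an identity static creates a permanent slot, so 10.0.0.x is
: reachable from dmz under its own address without inside-first traffic.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

: The static by itself permits nothing. Allow only what the lower-security
: side needs, here ICMP echo to one host (10.0.0.10 is a constructed
: address standing in for the domain controller).
access-list dmz_in permit icmp any host 10.0.0.10 echo
access-group dmz_in in interface dmz

: Flush slots built under the old rules, then check the new ones.
clear xlate
show xlate
```

An interface takes one access-group, so if the lower-security interface already has an access list applied, add the permit line to that list instead. Everything not explicitly permitted from that interface stays blocked, which keeps the permanent slot from exposing the whole 10.0.0.x range.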