
ping SCO-BOX behind pix501 firewall

travis0
Level 1

Hello,

I have a vpn server configured on the pix501 using ipsec. I can vpn without any problem through the pix501 and access resources on my win2000 server which is behind the firewall.

When I am connected through the vpn, I can ping any computers, printers and tcp/ip devices on the local area network, i.e. 192.168.3.x.

The only problem is pinging a SCO-UNIX on my LAN, i.e. 192.168.3.50.

I get reply timeout from the ping. What gives?

I am assuming the SCO-UNIX box can not handle encrypted tunneling traffic through the vpn services.

What do you think?

travis,

4 Replies

paqiu
Level 1

The PIX will handle the encryption and decryption, so it is clear traffic that reaches your SCO-UNIX box.

It is normally a routing issue.

Please check the routing in that SCO-UNIX box.

Does that SCO-UNIX box's default gateway point to your PIX inside interface?

If not, and if you assign the VPN pool 192.168.1.x, you need to add a static route for that pool in the SCO-UNIX box.

Best Regards,

I don't believe the default gateway on sco-unix is pointing to the inside pix int. I'll check.

Everyone else running pcs (98,xp2000) can ping the sco-unix except the vpn-connected pc.

The sco-unix box is on the same subnet (i.e. 192.168.3.x) as the rest of the LAN.

thanks,

travis,

In the same subnet 192.168.3.x, all hosts use broadcasting to find each other.

This is the reason why there are no routing issues there.

But the VPN clients are in a different subnet; they need the return routes to make it work.

I think all your other PCs (98, XP, 2000) have the PIX inside interface as their default gateway, but the SCO-UNIX box does not. Adding a return route in the Unix box will do.

Best Regards,
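
The return-route diagnosis in the reply above, modelled as an added example (not part of the original thread): a longest-prefix-match lookup over each host's routing table shows why LAN pings work while replies to the VPN pool go to the wrong gateway. The gateway and host addresses (`192.168.3.1`, `192.168.3.254`, `.10`, `.20`) are constructed assumptions; only the 192.168.3.x LAN and the 192.168.1.x pool come from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: where would a host send a packet for dst?

    routes is a list of (cidr, gateway); gateway None means directly connected.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return "unreachable"          # no matching route and no default gateway
    return "on-link" if best[1] is None else best[1]

def reply_path_ok(routes, vpn_client, pix_inside):
    """An echo reply reaches the VPN client only if the host hands it to the
    device that terminates the tunnel (the PIX inside interface)."""
    return next_hop(routes, vpn_client) == pix_inside

# Constructed addressing (assumptions for illustration)
PIX_INSIDE = "192.168.3.1"      # hypothetical PIX inside interface
OTHER_GW = "192.168.3.254"      # hypothetical other router used by the SCO box
LAN_PC = "192.168.3.20"         # any host on the LAN
VPN_CLIENT = "192.168.1.10"     # address handed out from the VPN pool

TABLES = {
    # Windows PCs: default gateway is the PIX, so replies to the pool go there
    "windows_pc": [("192.168.3.0/24", None), ("0.0.0.0/0", PIX_INSIDE)],
    # SCO box as suspected in the thread: default gateway is not the PIX
    "sco_before": [("192.168.3.0/24", None), ("0.0.0.0/0", OTHER_GW)],
    # SCO box after adding a static return route for the VPN pool
    "sco_after": [("192.168.3.0/24", None), ("0.0.0.0/0", OTHER_GW),
                  ("192.168.1.0/24", PIX_INSIDE)],
}

def report():
    """Per host: (next hop to a LAN PC, next hop to the VPN client, reply OK?)."""
    return {
        name: (next_hop(t, LAN_PC), next_hop(t, VPN_CLIENT),
               reply_path_ok(t, VPN_CLIENT, PIX_INSIDE))
        for name, t in TABLES.items()
    }

if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:11} lan={row[0]:8} vpn={row[1]:14} reply_ok={row[2]}")
```

The more specific /24 route wins over the default route, so the SCO box can keep its existing default gateway and still return VPN traffic through the PIX.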

That makes a lot of sense. Thank you for your help.

Travis,