I am not able to establish IP connectivity between 2 LANs. PIX with no outbounds restricts forwards traffic via ISP "A" and the return traffic comes in through a router on the LAN via ISP "B". I am able to ping and trace to the relevant servers, but unless I replace the PIX with a router or ensure return traffic comes via ISP "A", I am unable to establish IP connectivity (e.g. a Citrix session). Any ideas?
You cannot loop your traffic around the PIX. The PIX is a stateful packet filter and requires the traffic to flow both ways through it so it can inspect the traffic. You'll need to re-think your design a bit.