
PIX firewall issue

A PIX 515E is installed in our central location. Now, integration of GIS with the SCADA server is to be done. The GIS server, which is the Citrix server (there is a DAIS/OPC bridge configured in Citrix), is kept at Mumbai, and the application server is at Delhi, connected to the DMZ zone of the PIX firewall. Now, the application server can ping the GIS server, which shows that connectivity is through. Now the issue is that data is not moving from the application server to the GIS server. What could be the reason for not receiving data_changed messages even though there is a successful connection to the OPC server?


Re: PIX firewall issue


Based on your info, the Application Server (AppSvr) in your DMZ (Delhi) needs to access the GIS server at Mumbai:

GIS svr (Mumbai) ->outside:PIX515E:DMZ-> AppSvr

ICMP and TCP/UDP are two different protocols, where you can always allow ICMP/ping to pass through from the internal (initiating ICMP) to the external network/host. But allowing ICMP doesn't mean that outbound TCP/UDP access is also permitted. You need to have a proper ACL permitting your internal/DMZ host to access the outside host/resources. I assumed nat/global or static NAT (if any) is already configured properly.

Quick check - do you have an ACL that permits your AppSvr to access your GIS server (considered to be on the external network) via specific TCP/UDP protocols and ports?

Maybe for a start, use an ACL to allow IP any any from your AppSvr to the GIS address.
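
An added example, not part of the original thread: one way to answer the "quick check" above is to count the PIX ACL-deny syslog messages (message ID 106023) between the two hosts, which also shows which specific protocols and ports to permit in place of a blanket `ip` rule. It assumes the PIX sends syslog at warning level or higher; the addresses, ports, ACL name `dmz_in` and the function name `denied_flows` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the PIX 106023 deny format.
# Addresses, ports and the ACL name "dmz_in" are made up for this example.
SAMPLE_LOG = """\
%PIX-4-106023: Deny tcp src dmz:192.0.2.10/1045 dst outside:198.51.100.20/135 by access-group "dmz_in"
%PIX-4-106023: Deny tcp src dmz:192.0.2.10/1046 dst outside:198.51.100.20/135 by access-group "dmz_in"
%PIX-4-106023: Deny tcp src dmz:192.0.2.10/1047 dst outside:198.51.100.20/3001 by access-group "dmz_in"
%PIX-4-106023: Deny udp src dmz:192.0.2.77/137 dst outside:198.51.100.99/137 by access-group "dmz_in"
%PIX-6-302013: Built outbound TCP connection 101 for outside:198.51.100.20/80 (198.51.100.20/80) to dmz:192.0.2.10/1050 (192.0.2.10/1050)
"""

# Ports are optional because ICMP denies carry "(type N, code N)" instead.
DENY_RE = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?'
    r'.*? by access-group "(?P<acl>[^"]+)"'
)


def denied_flows(log_text, src_ip, dst_ip):
    """Count denied (protocol, destination port, ACL name) tuples
    for traffic from src_ip to dst_ip."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m["src"] == src_ip and m["dst"] == dst_ip:
            hits[(m["proto"], m["dport"], m["acl"])] += 1
    return hits


if __name__ == "__main__":
    # AppSvr and GIS addresses below are the constructed ones from SAMPLE_LOG.
    flows = denied_flows(SAMPLE_LOG, "192.0.2.10", "198.51.100.20")
    if not flows:
        print("No ACL denies logged between these hosts; look beyond the ACL.")
    for (proto, dport, acl), n in flows.most_common():
        print(f"{n:3d} x {proto}/{dport} denied by ACL {acl}")
```

Ports that keep appearing in the output are the ones the application actually uses, so the temporary permit-all rule can be replaced with entries for those ports only.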


