Sorted my LocalDirector problem, Now I have a Timbuktu problem
OK, I'm using a DMZ on a PIX 515E to go down to a pair of servers running Timbuktu (I'd never heard of it previously either). This little baby uses UDP 407 for handshaking, then TCP ports 1417 through 1420 for other tasks. On top of that it also runs dynamic UDP and TCP ports. Surprise, surprise, it isn't working.
I have tried various permutations of ACL, including permit UDP and permit TCP any, just to get it going. A debug UDPproto shows that the application hits the firewall from the trusted IP address specified in the ACL and is directed to the global address in the static command. It then does no more.
I can ping the target server from the PIX. Would the fixup protocol command be a good way to go on this one?
Help would be appreciated.
For those of you who are interested, the load balancers I had behind the inside interface needed an:
ACL to permit tcp any host <public_ip> eq www
Static to translate from the public_IPs to the virtual_IPs on the loadbalancer.
The inside interface of the PIX designated as the gateway for the servers.
Re: Sorted my LocalDirector problem, Now I have a Timbuktu probl
I would double check the following: Routing. Can you ping the servers from outside the firewall (you will have to allow ICMP traffic for this)? Also check the NAT part of your configuration (nat and global) and see if the translations are working OK.
I am not sure what the fixup command does. Can anyone tell what exactly it does and whether it can help in this case?