06-05-2006 07:39 PM
US servers<->US PIX<==>HK PIX<->HK servers
We have already established VPN Tunnels successfully. PING test is ok.
If I add a server (DMZ server) which is outside the HK PIX, can US servers access DMZ servers?
If yes, how?
Thanks
06-05-2006 08:22 PM
Hello,
Is this really a DMZ, or is the server just sitting on the outside interface?
If this is really a DMZ, that would mean three legs in the HK PIX. US servers will be able to access the DMZ.
If the server is sitting on the outside interface of the PIX, normally it will not be possible.
There could be a workaround in that case.
                      X
USPIX----internet-----|----HKPIX
                    Server
Suppose the device X is a router; you can create a VLAN on the outside interface and terminate it on the router X. Now you will have one virtual and one physical int on your PIX, one going to the internet and one going to X, which is connected to the server. This way you can circumvent the redirection problem/feature/bug/security measure in PIX, and US servers will be able to access the server in HK.
Vikas
06-05-2006 09:04 PM
My DMZ server is sitting on the outside interface of the PIX normally (actually in the outside interface of the PIX).
If I add routing in the PIX, can that fix the problem?
06-06-2006 07:02 AM
Hello,
No, routing will not solve this problem, because the PIX won't let the packet out the same interface from which it came in. In your case the request to access the server will come through the tunnel on the outside interface, will get decrypted on the outside interface, and will try to go out the same way it came in.
Vikas