Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
6
Replies

Cannot ping a floating IP-- PIX 515E

gomesrichard
Level 1
Level 1

‎01-04-2003 05:20 AM - edited ‎02-20-2020 10:28 PM

Hi All.

We are facing some problem with floating IP address which is actually

a package IP in HP cluster environment.

HP servers-------PIX-------NAS-------PC client

1) PIX arp table has 2 entry for main HP server lan0 and virtual IP,

but there mac table is the same( which is lan0's mac address).

All the PC client are in different subnet from HP server. Problem is

that we can ping IP addresses of HP server's( main and failover) lan0

but cannot ping the virtual IP address of configured package. Within the HP server's subnet, we can ping all the IP addresses( both lan0 and

virtual IP) from HP server and also from PIX. NAs can ping both HP's main and failover server's lan0 IP address, but cannot ping the virtual/package IP address of the cluster package.

What is the problem?

Thanks and regards

Richard Gomes

0 Helpful
6 Replies 6

p-hogan
Level 1
Level 1

‎01-04-2003 08:08 AM

Can the inside clients use actual services on HPs via the lan0 address?

Ping is sometimes a bit confusing through a firewall

If you clear the arp in the PIX and ping the virtual again, it should have a virtual ip and mac, does the HP generate a virtual mac?

0 Helpful

gomesrichard
Level 1
Level 1
In response to p-hogan

‎01-04-2003 08:19 AM

No, hp does not generate virtual mac and I tried with clearing arp table in the PIX, but it did not help.

Thanks

RIchard

0 Helpful

p-hogan
Level 1
Level 1
In response to gomesrichard

‎01-04-2003 08:41 AM

do the local users on the same network as the HPs have the same in their arp table - 2 x IPs and 1 mac?

do you have an access-list or conduit command to allow pings back trough the outside interface on the PIX?

0 Helpful

gomesrichard
Level 1
Level 1
In response to p-hogan

‎01-04-2003 06:17 PM

Hi Hogan,

I have to check the mac table( new idea!) of the same subnet's client.

And Yes, I have an access-list which permits ip any any( from any source to any destination).

Thanks for your response.......

richard

0 Helpful

p-hogan
Level 1
Level 1
In response to gomesrichard

‎01-05-2003 02:45 AM

the access-list statements should allow icmp as well as ip

e.g.

access-list acl_outside permit ICMP 'source' destination'

0 Helpful

b-pelphrey
Level 1
Level 1
In response to p-hogan

‎01-06-2003 01:12 PM

agree with p-hogan, icmp is different from any ip. but i am a bit confused on why the host can't access any services on the hp system??

maybe several things going on here.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card