Problem with DMZ and PIX with win2003 server

mikecapcomp
Level 1

I have a pix 515.

it has 1 outside interface and 1 dmz interface

The dmz interface on the pix is 192.168.1.1

The dmz is a 192.168.1.x network

The pix is doing NAT

The pix is NATing an outside address to a server in the dmz that is 192.168.1.3

There are also 2 Microsoft ISA servers in the DMZ; their IPs are 192.168.1.2 and .10

The ISA server with the ip 192.168.1.2 is a windows 2003 server

The ISA server with the IP 192.168.1.10 is a windows 2000 server

The server in question, with the ip of 192.168.1.3 was a windows 2000 server

There was no problem

I rebuilt the server, and installed windows 2003 server

That is when the problem started happening

The problem is:

From the 192.168.1.3 server, I CANNOT Ping the 192.168.1.2 server, which is The win 2003 ISA server

But I CAN ping the 192.168.1.10 server which is the win 2000 ISA server

Also, before I upgraded from win 2000 to win 2003, I was able to browse the internet.

Now, no such luck

From the 192.168.1.3 server, I CAN ping the dmz interface on the pix. Which is 192.168.1.1

But I cannot get out to the internet.

Nothing on the pix has changed.

Another thing that might be important information:

The server with ip 192.168.1.3 has another NIC card and is connected to an internal network, 10.5.x.x

I set up that second NIC card with NO gateway information

Any ideas that you think might help would be greatly appreciated.

Thanks.

1 Reply

Not applicable

Weird problem. Doesn't seem like a PIX problem because to ping on the same subnet it shouldn't be hitting the pix. Do you have a sniffer? You can try and capture the packets to see what is happening (ping going out, server not responding to ping) or monitor the 192.168.1.2 ISA server to see if it's blocking the ICMP when you ping. Which version of ISA server are you using? Traceroute will probably not help you because you should just see 1 hop but you can try it. Also when you browse the Internet do you use the ISA for proxy? If so have you tried using the ISA server that you can ping (192.168.1.10)? Also check the routes on the servers with route print just to make sure a bad route is not in there for 192.168.1.2 or 3. Not an answer to your problem but maybe some tests you can do that can help you fix it. Hope it helps.
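The `route print` check suggested in the reply can be automated. The following is an added example, not code from the thread: it parses an IPv4 route table and reports any DMZ destination whose best route leaves through the wrong NIC on a dual-homed server. The internal addresses 10.5.0.3 and 10.5.0.254 and the bad host route are constructed sample data.

```python
import ipaddress

# Constructed `route print` excerpt: DMZ NIC 192.168.1.3, internal NIC assumed
# to be 10.5.0.3. The 192.168.1.2 host route is a deliberately bad sample entry.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      20
         10.5.0.0      255.255.0.0         10.5.0.3        10.5.0.3      20
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      20
      192.168.1.2  255.255.255.255       10.5.0.254        10.5.0.3       1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separators, persistent-route section
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            iface = ipaddress.ip_address(f[3])
        except ValueError:
            continue
        routes.append((net, f[2], iface, int(f[4])))
    return routes

def best_route(routes, dest):
    """Longest-prefix match; ties are broken by the lowest metric."""
    dest = ipaddress.ip_address(dest)
    return max((r for r in routes if dest in r[0]),
               key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def audit(routes, local_subnet, targets):
    """Flag extra default gateways and on-subnet targets leaving the wrong NIC."""
    subnet = ipaddress.ip_network(local_subnet)
    findings = []
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if len(defaults) != 1:
        findings.append(f"{len(defaults)} default routes")
    for t in targets:
        r = best_route(routes, t)
        if r is None:
            findings.append(f"{t}: no route")
        elif ipaddress.ip_address(t) in subnet and r[2] not in subnet:
            findings.append(f"{t}: leaves via {r[2]} (gateway {r[1]}), not the DMZ NIC")
    return findings

if __name__ == "__main__":
    print(audit(parse_routes(SAMPLE), "192.168.1.0/24", ["192.168.1.2", "192.168.1.10"]))
```

With the sample table, only 192.168.1.2 is flagged, because the /32 host route wins over the connected 192.168.1.0/24 route.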
