02-16-2012 07:24 AM - edited 03-11-2019 03:30 PM
I'm putting a couple of servers in my DMZ on a PIX 515E. The inside is NATed (192.168.199.0/24) and the DMZ is NATed also (192.168.200.0/24). Inside the DMZ is an ISA 2006 server. I want to block that server off entirely except from the inside network. Currently I can RDP to the server, but it's reporting the connecting address as 192.168.200.107, which is an address inside the DMZ. The PIX is reporting ICMPs as
6 | Feb 16 2012 | 08:42:45 | 302020 | 192.168.200.110 | 512 | 192.168.199.19 | 0 | Built inbound ICMP connection for faddr 192.168.200.110/512 gaddr 192.168.200.107/0 laddr 192.168.199.19/0 |
I guess I'm not understanding the gaddr address being reported. I would think I would tell the ISA to allow remote management from 192.168.199.1/24. Not sure how the 192.168.200.107 address gets reported as the connecting-from address when it's really an address on the inside, which is 192.168.199.19.
Thanks
02-16-2012 07:28 AM
Hi,
It's actually a bit the opposite of what you are thinking: it is reporting the destination address first and then the source address. If you have a look at the syslog again, it is a connection for the destination:
Built inbound ICMP connection for faddr 192.168.200.110/512 gaddr 192.168.200.107/0 laddr 192.168.199.19/0
Don't confuse it with being the source address.
Thanks,
Varun
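To make the faddr/gaddr/laddr fields in a PIX "Built ... connection" message easier to read, here is an added example parser (not code from the thread or from Cisco) that takes the pipe-delimited syslog export format shown above and labels each address with its documented PIX role: faddr is the foreign host, laddr is the real (local) address, and gaddr is the translated (global) address that the foreign host actually talks to. The 302020 line is the one quoted in the thread; the second TCP line and its addresses are constructed for illustration, and the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed sample input. The first line is the 302020 message quoted in the thread; the
# second is a made-up TCP "Built" line in the same PIX faddr/gaddr/laddr form for a second
# inside host, to show the aggregation below (addresses and connection id are invented).
SAMPLE_EXPORT = """\
6 | Feb 16 2012 | 08:42:45 | 302020 | 192.168.200.110 | 512 | 192.168.199.19 | 0 | Built inbound ICMP connection for faddr 192.168.200.110/512 gaddr 192.168.200.107/0 laddr 192.168.199.19/0 |
6 | Feb 16 2012 | 08:43:10 | 302013 | 192.168.200.110 | 3389 | 192.168.199.25 | 1055 | Built outbound TCP connection 4711 for faddr 192.168.200.110/3389 gaddr 192.168.200.108/1055 laddr 192.168.199.25/1055 |
"""

# Matches the PIX-style "Built ... connection" text; TCP/UDP messages carry a connection id
# before "for", the ICMP 302020 message does not.
BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>ICMP|TCP|UDP) connection"
    r"(?: (?P<conn_id>\d+))? for "
    r"faddr (?P<faddr>\d+\.\d+\.\d+\.\d+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>\d+\.\d+\.\d+\.\d+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>\d+\.\d+\.\d+\.\d+)/(?P<lport>\d+)"
)


@dataclass(frozen=True)
class BuiltConnection:
    msg_id: str
    direction: str
    proto: str
    faddr: str   # foreign address: the host on the far side of the translation
    gaddr: str   # global (translated) address that the foreign host sees
    laddr: str   # local (real) address of the host behind the translation
    fport: int   # for ICMP this slot carries the ICMP id / type, as in the log
    gport: int
    lport: int

    @property
    def translated(self) -> bool:
        # gaddr == laddr means the PIX applied no translation for this flow
        return self.gaddr != self.laddr

    @property
    def address_seen_by_foreign_host(self) -> str:
        # The peer (here the DMZ server) logs the global address, not the real one
        return self.gaddr


def parse_built(msg_id: str, message: str) -> Optional[BuiltConnection]:
    """Parse the message text of a Built-connection syslog; None if it is another message."""
    m = BUILT_RE.search(message)
    if not m:
        return None
    return BuiltConnection(
        msg_id=msg_id, direction=m["direction"], proto=m["proto"],
        faddr=m["faddr"], gaddr=m["gaddr"], laddr=m["laddr"],
        fport=int(m["fport"]), gport=int(m["gport"]), lport=int(m["lport"]),
    )


def parse_export_line(line: str) -> Optional[dict]:
    """Split one pipe-delimited export line: severity|date|time|msgid|src|sport|dst|dport|message."""
    fields = [f.strip() for f in line.strip().split("|")]
    if len(fields) < 9:
        return None
    severity, date, clock, msg_id, _src, _sport, _dst, _dport, message = fields[:9]
    return {
        "severity": int(severity),
        "timestamp": f"{date} {clock}",
        "msg_id": msg_id,
        "message": message,
        "connection": parse_built(msg_id, message),
    }


def describe(conn: BuiltConnection) -> str:
    """Plain-language reading of which address the far side will see."""
    if conn.translated:
        return (f"{conn.proto} between foreign host {conn.faddr} and real host {conn.laddr}; "
                f"{conn.faddr} sees {conn.gaddr}, so a rule on that host has to match "
                f"{conn.gaddr}, not {conn.laddr}")
    return f"{conn.proto} between {conn.faddr} and {conn.laddr} with no translation"


def translation_table(export: str) -> Dict[str, Set[str]]:
    """Aggregate real (laddr) -> translated (gaddr) addresses over a whole export."""
    table: Dict[str, Set[str]] = {}
    for line in export.splitlines():
        rec = parse_export_line(line)
        conn = rec["connection"] if rec else None
        if conn and conn.translated:
            table.setdefault(conn.laddr, set()).add(conn.gaddr)
    return table


if __name__ == "__main__":
    for raw in SAMPLE_EXPORT.splitlines():
        record = parse_export_line(raw)
        if record and record["connection"]:
            print(record["timestamp"], record["msg_id"], describe(record["connection"]))
    print(translation_table(SAMPLE_EXPORT))
```

Run over the thread's own line, the parser reports 192.168.199.19 as laddr (the real inside host) and 192.168.200.107 as gaddr, which is the address the DMZ server sees; the translation table collects that laddr-to-gaddr pairing across many lines so it can be checked against the PIX's configured NAT/global pool.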
02-16-2012 07:48 AM
OK,
Then is the gaddr 192.168.200.107/0 an address that gets dynamically created when the tunnel is created? I don't have any machines on the network with that address, and I am initiating a connection from the inside interface from machine 192.168.199.19