12-16-2003 11:17 AM - edited 03-09-2019 05:54 AM
Hello,
I have a problem with machines on other interfaces with routable addresses being able to see machines on another interface with non-routable addresses. They can't ping the non-routable ones until the non-routable ones ping them, and then they can ping 10.0.0.x addresses. I have them all using the same address when they traverse the interfaces. Is there anything I can do except force the clients to ping before doing anything? I am trying to move machines to a new domain and it doesn't work until they ping the AD domain controller. It is a PIX 515E unrestricted running 6.2(2).
Thanks
Jim Kiddoo
12-16-2003 07:34 PM
There are a variety of ways to create translation slots through a PIX, which is what allows traffic to pass from less to more secure interfaces. nat 0 can do this, but can cause the behaviour you see, as those slots created as a result are only temporary. The static command will create permanent slots for less secure interfaces to talk to higher security ones (so long as access-lists or conduit commands permit access though).
You probably need to add a static command for the higher security interface ip addresses.
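The difference between the two approaches described in this reply, as an added configuration sketch that is not part of the original thread. The interface names `inside` and `dmz`, the ACL name `dmz_in`, the 10.0.0.0/24 mask and the 192.0.2.0/24 routable subnet are assumptions chosen for illustration.

```cisco
: --- Before: identity NAT only (assumed existing config) ---
: A translation slot for a 10.0.0.x host exists only after that host
: has sent traffic out, so hosts on the lower-security interface
: cannot reach it first.
nat (inside) 0 10.0.0.0 255.255.255.0

: --- After: permanent identity translation with static ---
: Maps the 10.0.0.0/24 network to itself as seen from the dmz
: interface, so the slot is always present.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

: The static alone does not permit traffic from the lower-security
: side; an access-list (or conduit) must allow it. Only ICMP echo from
: the constructed routable subnet is permitted here; any other service
: would need its own narrowly scoped entry.
access-list dmz_in permit icmp 192.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0 echo
access-group dmz_in in interface dmz

: Flush existing translation slots so the new static takes effect.
clear xlate
```

After applying it, `show xlate` and `show access-list dmz_in` can be used to confirm that the static translation is present and that the ACL entry is being hit.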
12-17-2003 08:21 AM
Thanks,
Makes sense. Do I have to create them for each device, or can I do it for the interface?
Sincerely
Jim Kiddoo