Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
0
Helpful
2
Replies

ping from one interface with 10.0.x.x addresses to others

Jim.Kiddoo
Level 1
Level 1

‎12-16-2003 11:17 AM - edited ‎03-09-2019 05:54 AM

Hello,

I have a problem with machines on other interfaces with routable addresses being able to see machines on another interface with n0n-routable addresses. They cna't ping the non routable ones until the non-routable ones ping them and then they can ping 10.0.0.x addresses. I have them all using the same address when they travers the interfaces. Is there anything i can do accept force the clients to ping before doing anything? I am trying to move machines to a new domain and it doesn't work until they ping the AD domain controller. It is a Pix 515e unrestricted running 6.2(2)

Thanks

Jim Kiddoo

Labels:
0 Helpful
2 Replies 2

mostiguy
Level 6
Level 6

‎12-16-2003 07:34 PM

There are a variety of ways to create translation slots through a pix, which is what allows traffic to pass from less to more secure interfaces. nat 0 can do this, but can cause the behaviour you see, as those slots created as a result are only temporary. The static command will create permanent slots for less secure interfaces to talke to higher security ones (so long as access-lists or conduit commands permit access though).

You probably need to add a static command for the higher security interface ip addresses.

0 Helpful

Jim.Kiddoo
Level 1
Level 1
In response to mostiguy

‎12-17-2003 08:21 AM

Thanks,

Makes sense, do i have to create them for each device or can i do it for the interface.

Sincerely

Jim Kiddoo

0 Helpful
Customers Also Viewed These Support Documents