03-14-2006 10:16 AM - edited 03-09-2019 02:15 PM
Hi,
I am experiencing a weird problem on my PIX525. I defined a logical interface on one of my physical interfaces (see below):
-------------------------------
interface ethernet5 auto
interface ethernet5 vlan201 physical
interface ethernet5 vlan301 logical
nameif ethernet5 xprod1 security89
nameif vlan301 xe2estg1 security49
ip address xprod1 10.172.16.254 255.255.254.0
ip address xe2estg1 10.172.24.254 255.255.254.0
-------------------------------
We have remote VPN users (10.10.100.0; using Cisco VPN client) that need to access servers in the 10.172.16.0 segment.
Whenever we performed ICMP echo from the remote users, I noticed that traffic from 10.172.16.0 was actually returning on the 10.172.24.0 interface!
This forced me to add a NAT rule on the 10.172.24.0 interface to allow remote users to ping devices on the 10.172.16.0 segment (see below):
-------------------------------
access-list nonatxe2estg1 permit ip 10.172.16.0 255.255.254.0 10.10.100.0 255.255.255.0
access-list nonatxe2estg1 permit ip 10.172.24.0 255.255.254.0 10.10.100.0 255.255.255.0
nat (xe2estg1) 0 access-list nonatxe2estg1
-------------------------------
Does anyone know why this is happening?
Need help urgently, thank you!!!!!
Joe
03-14-2006 10:23 AM
Have you added the command
Enables access to an internal management interface on the firewall.
[no] management-access mgmt_if
show management-access
Syntax Description
mgmt_if
The name of the firewall interface to be used as the internal management interface.
Defaults
None.
Command Modes
The management-access mgmt_if command is available in configuration mode.
The show management-access is available in privileged mode.
Usage Guidelines
The management-access mgmt_if command enables you to define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The firewall interface names are defined by the nameif command and displayed in quotes, " ", in the show interface output.)
In PIX Firewall software Version 6.3, this command is supported for the following through an IPSec VPN tunnel only, and only one management interface can be defined globally:
SNMP polls to the mgmt_if
HTTPS requests to the mgmt_if
PDM access to the mgmt_if
Telnet access to the mgmt_if
SSH access to the mgmt_if
Ping to the mgmt_if
The show management-access command displays the firewall management access configuration.
Examples
The following example shows how to configure a firewall interface named "inside" as the management access interface:
pixfirewall(config)# management-access inside
pixfirewall(config)# show management-access
management-access inside
Reference:
Sincerely
Patrick
03-14-2006 08:11 PM
Umm...doesn't sound related to my question, but thanks for the info anyway :)