Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1109
Views
0
Helpful
0
Comments

Outside users cannot get to servers behind PIX firewall.

TCC_2
Level 10
Level 10

‎06-22-2009 05:32 PM - edited ‎03-08-2019 06:25 PM

Core issue

A border router was previously handling security, and each server had an Internet routable address. Now the servers are using a private address range, and the PIX is performing static Network Address Translation (NAT). After putting the PIX between the server and the border router, clients on the Internet are unable to access the servers.

Resolution

Check the following items listed below to resolve your problem:

  1. Issue the clear arp-cache command on the border router. This clears the Address Resolution Protocol (ARP) table on the router, allowing it to learn the MAC address of the PIX for the statically translated addresses of the servers. 

       
  2. If the PIX is the only device between the servers and the Internet, then make sure that default gateways configured on the servers point to the inside interface of the PIX. If the servers are not on the same internal segment as the PIX and have another internal router in between, then the default gateway should point to that router's interface connected to the same segment as the servers. 

       
  3. If the PIX's outside interface is connected directly to the border router, make sure that the default gateway on the PIX is configured to point to the interface on the border router which is connected to the PIX.
Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents