For the ICMP packets to cross the PIX it needs a translation rule and an access list rule to permit it. In your example, the translation rule is there with the static and you have specified the ACL to allow the echo-reply in. My money would be on t...
RFC 2267 Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing January 1998, http://www.landfield.com/ftp/rfc/rfc2267.txt, provides general guidelines on Ingress and Egress filtering. No one from the g...
What IPs are you trying to put in? They can be on the same major net (e.g. 192.168.1.x), as long as they are on different subnets, otherwise the PIX wouldn't know which interface to send packets out of. For example: ip address outside 192.168.1.1 255...
Are you using static routes or a routing protocol and could both routers ping successfully (thinking of ICMP redirects even if hosts still sent packets to the old active router)? Sounds like it could be an ARP issue. When a router becomes Active th...
The commands are 'ip audit ..'. See link for details: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1027034 For the signatures see: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_c...