OK...the scenario is this:
a pix 535 failover pair - so I'm really only working with one...
an old pix (version 4)
2 Nic Cards in each.
Internet----pix1---cisco7200-----VLAN1(routable/24)-------|
| |
VLAN2(192.168.yyy.yyy)----|
| |
VLAN3(192.168.xxx.xxx)---pix2
Ok as if this was fuzzy enough....
The Inside network - VLAN1 needs to originate traffic to the outside. This
appears to be working. We cannot, however, get through port 80 which is
supposedly open at the pix. We can PING the outside interface of pix 1, but
traceroutes die 2 hops before it and, as I mentioned, port 80 appears to be
closed.
In the meantime, VLAN3 needs to get out to the internet, so I have pix2
configured with a global pool of addresses and a static translation for the
4 servers on that vlan that are getting out. Is it OK to go NAT from VLAN3
to VLAN1 then go through the firewall? VLAN1 is technically doing PAT since
it's from routable to routable...
Is this all making sense?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17587&t=17587