I posted the "pix vs checkpoint" request for info.
Gee, guess which one I chose?
(summary forthcoming)
We have an engineer from our vendor onsite, and he set up the pix
thusly:
public interface: A.B.C.1
DMZ interface: 192.168.100.1
private interface: 192.168.10.1
The DMZ hosts are mapped one-to-one via, I guess, NAT, and their IP
on the outside world is mapped to their internal, non-routable, since
they are accessed as web servers, etc. This works fine.
The private hosts, mostly desktops, are using PAT and when connections
go out via the Pix, connections appear to come from a single host on our
public net, A.B.C.254. This also works fine.
The problem? We're trying to do X from a desktop on the private net to
a host on the DMZ, and it fails. I suspect this is because the X server
doesn't know how to get the connection to the proper display client.
Is there any way to do this with PAT as we've implemented it, or do I
have to do a static one-to-one mapping like with the DMZ hosts?
We're also unable to get NFS traffic through the Pix when connecting
from a desktop running NFS Maestro to an NFS server on the public net
which is allowing connections. I can successfully mount the NFS drive
(no errors on the server) but cannot see anything on it.
I know allowing NFS is a bad thing but this is a temporary fix until we
can move all servers behind the firewall.
I have to get some sleep now but will be up at 5am EST to continue this
as our developers will be in at 9am, expecting X and NFS to work.
I would greatly appreciate any replies; searches of deja.com and Cisco's
web site have been fruitless.
(pix support on their site seems to be nonexistent - is there a certain
URL anyone can point me to?)
Thanks.
| Dan |