Mark Campbell wrote:
>Hi Guys,
>
>I have a PIX 525 with version 6.1(1) running. We use it to protect our
>internet mail, web, dns, application etc. etc. servers. I have 6 Ethernet
>ports, one per subnet and of course the outside interface. My problem is
>this, if I have to reboot the PIX for whatever reason, all the servers are
>unreachable from the outside. The only thing that solves this is if I make
>a connection from every server to the outside.
>
>The only thing I can think of is that the firewall needs to build a NAT
>translation for every outgoing connection even though I use;
>
[..]

My first thought would be that it could be either arp table related or switch mac table related. After the firewall comes up, if you use the firewall console to ping back to the servers or use the servers to ping the inside of the firewall, you will force the mac & arp tables to be updated. If they then are accessible from the outside, you know that the problem is not nat/static/conduit related.

--Mike
