Yeah I noticed I also had the inside interfaces on each PIX on different
VLANs. That was another kick in the balls when I noticed it this morning.
This wasn't the original problem since it happened when I moved the PIX's to
another switch but did aggravate me for enough time.

"Evans, TJ (BearingPoint)" wrote in message news:[EMAIL PROTECTED]...
> Nice...
>
> FYI - Another painful thing like this can happen if you have an interface
> disabled on one but not the other, or even worse - different #'s of ports
> (i.e. - one with 6 ports and one with 4 ... doh!)
>
>
> Thanks!
> TJ
> -----Original Message-----
> From: Sam Sneed [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 15, 2003 10:20 AM
> To: [EMAIL PROTECTED]
> Subject: Re: PIX access-list problem [7:61043]
>
> Found problem. I had the 2 PIX's configured for failover. The problem was
> that the failover cable was loose on one end so they both flip flopped
> each taking control as master. Thanks for the help.
>
> "Waters, Kristina" wrote in message news:[EMAIL PROTECTED]...
> > Sam,
> >
> > Do you have any sort of statement that's translating the addresses in
> > your DMZ? For example,
> >
> > static (DMZ,outside) 141.152.135.23 141.152.135.23 netmask 255.255.255.255
> >
> > If you aren't nat'ing I believe you still have to translate the address.
> >
> > HTH,
> > Kris.
> >
> > -----Original Message-----
> > From: Sam Sneed [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, January 14, 2003 2:08 PM
> > To: [EMAIL PROTECTED]
> > Subject: PIX access-list problem [7:61043]
> >
> >
> > I cannot seem to get the following config to work and am clueless why.
> > My incoming access lists for DMZ and outside are wide open. The goal is
> > not to NAT DMZ ever since it's public addressing. I can't even ping hosts
> > on the outside network from PIX. Why am I having these problems?
> >
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > nameif ethernet2 dmz security50
> >
> > access-list internal permit ip 172.19.90.0 255.255.255.0 any
> >
> > access-list test permit ip any any
> > access-list test permit icmp any any
> >
> > access-list int-dmz permit ip 172.19.90.0 255.255.255.0 83.23.43.0 255.255.255.0
> >
> > ip address outside 83.23.44.60 255.255.255.192
> > ip address inside 172.19.90.1 255.255.255.0
> > ip address dmz 83.23.43.250 255.255.255.0
> >
> > global (outside) 1 83.23.44.58
> > nat (inside) 0 access-list int-dmz
> > nat (inside) 1 172.19.90.0 255.255.255.0 0 0
> > nat (dmz) 0 0.0.0.0 0.0.0.0 0 0
> > access-group test in interface outside
> > access-group test in interface dmz
> > route outside 0.0.0.0 0.0.0.0 83.23.44.1 1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61112&t=61043
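
An added example, not part of the original thread or anyone's post: a small parity check for two PIX units before pairing them for failover, covering the mismatches mentioned above (an interface disabled on one unit only, or a different number of ports). The two config excerpts are constructed samples in PIX 6.x `interface`/`nameif` syntax, and the function names are hypothetical.

```python
import re

# Constructed PIX 6.x-style excerpts for two units; not taken from the thread.
UNIT_A = """\
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
"""
UNIT_B = """\
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
"""
IFACE = re.compile(r"^interface\s+(\S+)\s+\S+(\s+shutdown)?$")
NAMEIF = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)$")

def parse_ports(config):
    """Map hardware id -> {'shutdown', 'name', 'level'} from interface/nameif lines."""
    ports = {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE.match(line):
            entry = ports.setdefault(m.group(1), {"shutdown": False, "name": None, "level": None})
            entry["shutdown"] = m.group(2) is not None
        elif m := NAMEIF.match(line):
            entry = ports.setdefault(m.group(1), {"shutdown": False, "name": None, "level": None})
            entry["name"], entry["level"] = m.group(2), int(m.group(3))
    return ports

def parity_findings(a, b):
    """Return (hardware_id, field, value_a, value_b) for every mismatch."""
    findings = []
    for hw in sorted(set(a) | set(b)):
        if hw not in a or hw not in b:
            # Port exists on only one unit (different number of ports).
            findings.append((hw, "present", hw in a, hw in b))
            continue
        for field in ("shutdown", "name", "level"):
            if a[hw][field] != b[hw][field]:
                findings.append((hw, field, a[hw][field], b[hw][field]))
    return findings

if __name__ == "__main__":
    print(parity_findings(parse_ports(UNIT_A), parse_ports(UNIT_B)))
```

This only compares what the configs declare; a switch-side mismatch such as the two inside interfaces sitting in different VLANs has to be checked on the switch.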