RE: do you know why? [7:72352]

2003-07-16 Thread Reimer, Fred
:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 11:23 PM To: [EMAIL PROTECTED] Subject: Re: do you know why? [7:72352] I'm not very familiar with the newer releases of PIX software, but do you have to enable ICMP on those interfaces? It looks to me like you only have ICMP allowed going one direction

RE: do you know why? [7:72352]

2003-07-16 Thread Wilmes, Rusty
I'd think that if it was an access list that it would either work or not work but NOT not work until you try it from the other side. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 8:23 PM To: [EMAIL PROTECTED] Subject: Re: do you know why

RE: do you know why? [7:72352]

2003-07-16 Thread John Neiberger
it from the other side. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 8:23 PM To: [EMAIL PROTECTED] Subject: Re: do you know why? [7:72352] I'm not very familiar with the newer releases of PIX software, but do you have to enable ICMP

Re: do you know why? [7:72352]

2003-07-16 Thread Vajira Wijesinghe
Now i could narrow down the problem little bit. I observe this is happening ONLY to some Lantronix and Annex Terminal servers at outside zone.(where i gave the name server-A). Sun servers on the same subnet as of these terminal servers, do NOT show this abnormal behaviour and they respond

RE: do you know why? [7:72352]

2003-07-16 Thread Jim Devane
but NOT not work until you try it from the other side. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 8:23 PM To: [EMAIL PROTECTED] Subject: Re: do you know why? [7:72352] I'm not very familiar with the newer releases of PIX software, but do you have

RE: do you know why? [7:72352]

2003-07-16 Thread Wilmes, Rusty
- From: John Neiberger [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 8:23 PM To: [EMAIL PROTECTED] Subject: Re: do you know why? [7:72352] I'm not very familiar with the newer releases of PIX software, but do you have to enable ICMP on those interfaces? It looks to me like you only

Re: do you know why? [7:72352]

2003-07-15 Thread Vajira Wijesinghe
What I have is exactly 6.3 So it looks like a bug in the version? Thanks a lot Wilmes, for your observation and sharing with everyone. Wilmes, Rusty wrote: sounds like from b a you dont have an nat xlate established. when you go from a b it creates the xlate so that b a starts working.

RE: do you know why? [7:72352]

2003-07-15 Thread Wilmes, Rusty
sounds like from b a you dont have an nat xlate established. when you go from a b it creates the xlate so that b a starts working. We had a problem after upgrading from 6.1.1 to 6.3 where one of our vpn partners couldn't get in til we pinged a host on their side. Error in the syslog was a

RE: do you know why? [7:72352]

2003-07-15 Thread Degracia, Alex
Sounds like arp requests arent being allowed through. Once its the arp cache is maintained, it knows where to forward the packets. Just my theory. -Original Message- From: Vajira Wijesinghe [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 16, 2003 8:23 AM To: [EMAIL PROTECTED] Subject:

Re: do you know why? [7:72352]

2003-07-15 Thread John Neiberger
I'm not very familiar with the newer releases of PIX software, but do you have to enable ICMP on those interfaces? It looks to me like you only have ICMP allowed going one direction. This is a very common problem and easily fixed. Also, if something is being blocked it should be apparent from the