I'm sorry I made a mistake the subnet between catalyst4006 and customer's firewall is
10.10.1.213/30, Catalyst4006's interface address is 10.10.1.213, firewall's interface
address is 10.10.1.214.
Sorry.
Joe
On Mon, 28 Jun 2004 21:24 , Tony Rall [EMAIL PROTECTED] sent:
On Monday,
Hi Joe,
It would be good to know the type (and software version) of firewall as it
could be the firewall and not the switch that's the problem. For instance,
there's a known bug with checkpoint and NAT where automatic arp entries
disappear.
If you can ping it all from the catalyst but not from
Joe Shen wrote:
I'm sorry I made a mistake the subnet between catalyst4006 and
customer's firewall is
10.10.1.213/30, Catalyst4006's interface address is 10.10.1.213,
firewall's interface
address is 10.10.1.214.
Have you tried enabling a monitor port on the Cat4k and sniffing what
exactly is
Joe,
If you are using NAT 0 you need to have a static translation enabled.
Otherwise when the machine first comes up it arp's which creates an xlate
entry on the PIX which times out when the inactivity timer runs out.
This causes behavior similar to what you are experiencing
It is possible that this issue is being cause by the customer's firewall as
well. Every Ethernet cable has two ends. :) I would check and see if the
customer's firewall log says anything. I believe doing a shut/no shut on
the Cat 4006 causes the Ethernet link to 'flap' on the port, causing the
Joe Shen wrote:
The customer is allocated a Class C address block 192.168.5/24. And , they connect their network to our
network by using a firewall. The Interface on Cata4006 is set up as no switchport, and inter-connecting
subnet is configured between Cata4006 and firewall
Some things you can look into:
firewall interface(10.10.1.122/30).
ip route 192.168.5.0 255.255.255.0 10.10.1.124
Is that the firewall interface is 10.10.1.122, or is it 10.10.1.124?
10.10.1.122 is a host address in the 10.10.1.120/30 subnet.
10.10.1.124 is a /30 network. Either
On Monday, 2004-06-28 at 20:41 MST, Greg Schwimer [EMAIL PROTECTED]
wrote:
Some things you can look into:
firewall interface(10.10.1.122/30).
ip route 192.168.5.0 255.255.255.0 10.10.1.124
Is that the firewall interface is 10.10.1.122, or is it 10.10.1.124?
10.10.1.122 is a host