Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX's Behind a PIX - Not working.

Status
Not open for further replies.
fatboy69

fatboy69

Technical User
May 15, 2002
56
AU
Hi,

I have a bit of a wierd one with a client I am visiting. They have 3 pixs on my internal network. One is the Internet device which is providing NAT for the internal network. the other 2 sit on the internal subnet behind the internet pix. these 2 pixs are protecting another 2 private networks each. The problem is that I can get out to the internet from the network that is behind the interent pix, but any of the networks that are behind the other 2 pixs can not get to the internet.

the design is as follows.

-----------
Interent
-----------
|
|
PIX_GW
|
Internal network1
|
/ \
/ \
/ \
PIX1 PIX2
| |
| |
Privnet1 Privnet2

Very basic but that is the desing. PIX1 and PIX2 are doing NAT. I'm stumped as prior to putting in the Internt PIX they had a windows 2000 box running routing n remote access doing basic NAT and it works fine.

the only thing I could think of is the security levels on the interfaces could this have somthing to do with it?

Cheers. FB.
 
Sort by date Sort by votes
It may be due to both firewalls are randomizing the sequence numbers. Modify your "nat (inside) 1...." statements so the internal firewalls don't randomize the sequence. The commands would look like the one below:

nat (inside) 1 10.10.10.0 255.255.255.0 norandomseq


Do it on both internal firewalls, and then issue a "clear xlate" command. If it doesn't solve the issue remove the modifications made to the "nat..." command
 
Upvote 0 Downvote
Thanks for you're reply. Solved it by looking at every device in thier network and found a Catalyst switch undocumented that acted as a distribution switch and when I cleared the ARP cache on this device it worked perfectly.

FB.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Miluis
  • Locked
  • Question
How necessary is an antivirus?
Replies
3
Views
320
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
disturbedone
  • Locked
  • Question
proxy.pac not working correctly in IE11
Replies
0
Views
269
disturbedone
disturbedone
Sparrow4
  • Locked
  • Question
AnyConnect + Azure + SAML
Replies
0
Views
650
Sparrow4
Sparrow4
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
262
brownmab53
brownmab53

Part and Inventory Search

Sponsor

Back
Top