[THIN] Re: OT: Network IP routing issue
- From: "Higgins, Bob" <BHiggins@xxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 5 Feb 2004 08:54:41 -0700
We had a similar issue with our pix, and discovered that NAT was
implicitly two way, so the issue went away when we removed the reverse
NAT that our network guy had entered.
Bob Higgins, MCSE
Information Systems Server Administrator
Chinook Health Region
960 19th Street South
Lethbridge, Alberta
T1J 1W5
www.chr.ab.ca <http://www.chr.ab.ca/>
Phone: (403) 382-6338
Fax: (403) 382 6046
E-mail: bhiggins@xxxxxxxxx
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Boggan
Sent: February 5, 2004 8:24 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: OT: Network IP routing issue
no ICMP is open both ways. i can ping anything outside except
for our external ips which would go out and then right back in again.
it doesn't allow that.
_________________________________
Michael Boggan
Network Engineer/Citrix Admin
Virtual Desktop Inc.
Dallas, Texas
Ph: (972) 960-6400
Fax: (972) 960-6445
email: mboggan@xxxxxxxxxxx
http://www.virtualdesktopinc.com
<http://www.virtualdesktopinc.com/>
_________________________________
-----Original Message-----
From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, February 04, 2004 4:57 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Network IP routing issue
Do you have some kind of access-list deny'ing outbound
ICMP? The pix does NOT block outbound ICMP (or anything for that
matter) in it's out of the box config. Look for conduit commands or
access-list commands with deny in them for ICMP
________________________________
From: thin-bounce@xxxxxxxxxxxxx
[mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Boggan
Sent: Wednesday, February 04, 2004 4:58 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] OT: Network IP routing issue
Ok here is something that is driving me nuts. We have
internet access in our datacenter. Inside we have 10.10.99.x ip scheme.
We use a pix firewall to do NAT from external ip to internal ip. We
cannot ping or hit in anyway, the external ips from inside. For
example. I have a webserver inside the firewall. From outside we can
hit www.domain.com with no problems. But from inside we cannot hit
www.domain.com or go to the external ip address. Is there some kind of
routing or someway to fix this? Not being able to hit those addresses
can be a severe problem for some of our internal wan clients.
Thanks,
_________________________________
Michael Boggan
Network Engineer/Citrix Admin
Virtual Desktop Inc.
Dallas, Texas
Ph: (972) 960-6400
Fax: (972) 960-6445
email: mboggan@xxxxxxxxxxx
http://www.virtualdesktopinc.com
<http://www.virtualdesktopinc.com>
_________________________________
Other related posts:
