On the OS older than 7.0 there has been a rule that the PIX will not allow
traffic out and back in the same interface. I thought the 7.0 code did away
with this default rule. There may be a command to enable this ability on the
7.0?


On 6/6/06, Charles Norton wrote:
>
>
>
> Hello everyone, I apologize if this is a question that has been answered
> previously (this is my first time joining the list, and posting to it as
> well) – I looked through some of the archives and couldn't find anything
> that addressed it (or maybe it's likely that I don't know how to properly
> describe the issue).
>
>
>
>
>
> I have a Cisco Pix 515 UR, with PIX 7.04 OS and ASDM 5.04 (the newest of
> both). – I had my friend help me set up the box at his datacenter and for the
> most part it's been working, except I realized recently once we moved all the
> servers behind it (they're all Virtual Machines running on a single box –
> which should be irrelevant I suppose) the machines were then unable to
> communicate with each other using their public IP #'s.
>
>
>
> Where this became obvious is that, I have 2 SMTP servers, one Exchange
> server and another is part of Plesk Hosting panel – when users on one system
> email users on another – they're using the @whatever.com domain name,
> which can't be resolved because those servers can't communicate on the
> public equivalents of what has been NAT'd to the private network which
> resides on 10.0.1.x
>
>
>
> A good way to describe is – if I go on a machine, it has IP of 10.0.1.23
> (internal) which is NAT'd to an external IP of
> 38.118.71.83 (outside) – coming from the general Internet, if I hit that
> IP #, I would get a ping back, as well as a connection to the web server on
> there. – If I try to do the same FROM that machine, or from any other
> machine on the PIX, it can't find the route to connect.
>
>
>
> Does this make sense?
>
>
>
> Can anyone maybe offer any advice or guidance in the matter?
>
>
>
> If anyone might be able to lend some assistance I would be most grateful.
>
>
>
> Thank you,
>
> Charles
>
>
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>
>
>

