FIXED - Re: Firewalls, PC static routes, gateways

From: Randy Witlicki (Randy.Witlickiat_private)
Date: Wed Jan 05 2000 - 10:00:11 PST


      I have received a reply which fixed the PIX specific part
    of my question.
      With the PIX I was getting the error:
    
        106011: Deny inbound (No xlate) tcp 
          src inside:X.X.X.X/1047 dst inside:Y.Y.Y.Y/23 
    
      In the PIX configuration file (version 4.4 at this particular site),
    there was already the line:
    
    route inside 172.16.0.0 255.255.0.0 10.0.0.2 1 
    
      What I needed to add was:
    
    static (inside,inside) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 0 0 
    
      (Note: because it is a static conduit, traffic over this does not
    get sent to the syslog, even though I have "logging trap debugging" in
    the configuration.)
    
      Thanks !!! to all the replies on the list, this matter of multiple
    internal gateways and the behaviour of Windows PCs gives me one more
    very important thing to highlight on my pre-install checklists.
    
    
        - Randy
       -
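Added example, not part of the original message: a log check that finds 106011 "No xlate" denies whose source and destination are on the same interface and whose destination lies behind a gateway named in a `route` line, which is the situation described above. The function names and all sample addresses are constructed for illustration; only the message layout and the `route inside` line come from the post.

```python
import ipaddress
import re
from collections import Counter

# Message layout as quoted in the post (106011, "No xlate").
DENY_RE = re.compile(
    r"106011: Deny inbound \(No xlate\) (?P<proto>\w+)\s+"
    r"src (?P<sif>\w+):(?P<src>[\d.]+)/(?P<sport>\d+)\s+"
    r"dst (?P<dif>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
# "route <if> <network> <mask> <gateway> <metric>", as in the post.
ROUTE_RE = re.compile(r"^route (\w+) ([\d.]+) ([\d.]+) ([\d.]+)", re.M)

def routed_networks(config):
    """Return {(interface, network): gateway} parsed from route lines."""
    routes = {}
    for ifname, net, mask, gw in ROUTE_RE.findall(config):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes[(ifname, network)] = gw
    return routes

def same_interface_denies(log_text, config):
    """Count 106011 denies where src and dst share an interface and the
    destination is reached through a gateway listed in a route line."""
    routes = routed_networks(config)
    hits = Counter()
    for m in DENY_RE.finditer(log_text):
        if m["sif"] != m["dif"]:
            continue  # ordinary cross-interface deny, not this problem
        dst = ipaddress.ip_address(m["dst"])
        for (ifname, net), gw in routes.items():
            if ifname == m["dif"] and dst in net:
                hits[(str(net), gw, int(m["dport"]))] += 1
    return hits

# Constructed sample data: every address below is made up.
SAMPLE_CONFIG = "route inside 172.16.0.0 255.255.0.0 10.0.0.2 1\n"
SAMPLE_LOG = """\
106011: Deny inbound (No xlate) tcp src inside:10.0.0.50/1047 dst inside:172.16.4.9/23
106011: Deny inbound (No xlate) tcp src inside:10.0.0.51/1102 dst inside:172.16.4.9/23
106011: Deny inbound (No xlate) tcp src inside:10.0.0.50/1050 dst inside:10.0.0.77/80
106011: Deny inbound (No xlate) udp src outside:192.0.2.7/53 dst inside:172.16.1.1/53
"""

if __name__ == "__main__":
    found = same_interface_denies(SAMPLE_LOG, SAMPLE_CONFIG)
    for (net, gw, port), n in found.items():
        print(f"{n} denied flow(s) to {net} via {gw}, dst port {port}")
```

Run it against syslog captured before the change; as the note in the message says, traffic over the static is not sent to syslog afterwards, so a quiet log after the fix tells you nothing either way.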
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:45 PDT