[nsp] Firewall question

From: Ken Reiss (KReiss@PortONE.com)
Date: Fri Feb 15 2002 - 08:43:47 EST


Hi all,

This may be a bit off topic, but I figured someone here might have dealt
with this before:

We have a client with ISDN coming into a Cisco 802. For years the 802
did NAT to a few internal network computers and all was fine. On
Wednesday, we added a PIX 501 firewall between the router and their
internal network. We removed NAT from the 802 and brought in static IPs
to it (for their VPN needs).

We configured the PIX 501 to do PAT so all the internal machines would
share just the one public IP of the firewall and all seemed fine.
However, since then they have had sporadic lack of connectivity through
the firewall.

At these times, their ISDN is connecting ok and we are able to ping both
the router and firewall from the outside. But they get periods (1-3
minutes) of timeout errors. Then, magically, everything starts working
on its own shortly thereafter.

I triple checked every firewall setting I could think of (we don't have
ANY vpn stuff in there at all, yet) and am stumped.

Perhaps someone else has dealt with this successfully and can steer me
in the right direction?

Thank you for your time,
Ken Reiss.

--

************************* Kenneth A. Reiss Port One Internet, Inc. 160 Chapel Road Manchester, CT 06040 860-722-3000 860-533-0033 Fax: 533-7225 *************************



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:05 EDT