Firewall Wizards mailing list archives

PIX Static, with VPN.. Two PIX problem.. Thoughts?


From: <sase () inofficenetworks com>
Date: Thu, 8 Jun 2006 15:01:26 -0400

Hey all, 
I've got the following setup, that seems to work.. And then.. Stopped
working.. But if I reset the interfaces... It works.. Two PIX 501's

I have an office, with a couple of public IP's.

PIX 501A is behind one of these IP's (same subnet) let's say .1
PIX 501B is also behind one of these IP's, let's say .2
PIX 501A provides natting for the LAN network... On .1

The private network behind 501A is .1.0
PIX501B provides VPN connectivity to a remote office location, private
network .2.0
Inside interface of both PIX501's are on the .1.0 network.

From pix 501A I can ping a host behind the VPN on 501B.. No problem.. 
I have a static (both directions) setup, for the public IP, .3 on
PIX 501A, that translates to an address that is behind the tunnel on
PIX501B.. Access list, bidirectional, permit ip any any.. Permit icmp
any any.

TCP connections to a host behind the vpn on pix 501B.. Worked.. When I
first set it up.. I rebooted the machines.. And they still worked.. As I
predicted..

But now, every once in a while, I get the following behavior.
I can ping from the outside world, to .3 and I get a reply, but tcp/ip
type stuff.. Doesn't work.

IE
Ping .3 => PIX501A Translates to .2 address.. Routes to PIX501B, 501B
then parses and throws it across the vpn to the remote location.. This
works.. Flawlessly.. But then, tcp in the same fashion doesn't work.
If I reset the interface on PIX501B.. The TCP starts working again..

What's the deal? Any thoughts.. Is it faulty hardware? Or...? 


---------------------------

Paul Matuszewski
Director of Network Operations
Convergent Network Services
http://www.convergentns.net
V: (516) 620-2559
F: (516) 620-0062
C: (516) 816-4871

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

