Jump to content
Калькуляторы

Трабл с PIX не форвардятся пакеты из outside в private

Reply to this topic

evghoul   

evghoul
Posted (edited) · Report post

Добрый вечер!

 

Есть Cisco PIX Firewall Version 6.3(1)

Со стороны private сети есть хост 10.100.0.157, со стороны outside хосты, например, 30.30.30.30 и 43.43.43.43

Обоим надо достучаться до 514 порта UDP на 10.100.0.157

 

Заведены соотвествующие кондуиты:

 

object-group network SYSLOG-SRV-USERS
  network-object host 30.30.30.30
  network-object host 43.43.43.43

conduit permit udp host 10.100.0.157 eq syslog object-group SYSLOG-SRV-USERS

 

 

От хоста 43.43.43.43 пакеты валятся исправно

(с помощью debug packet пакетики видно и на outside, и на private)

 

От хоста 30.30.30.30 -- только на outside, на private полная тишина

 

#debug packet outside src 30.30.30.30 dst 10.100.0.157 proto udp dport 514

--------- PACKET ---------

-- IP --
30.30.30.30   ==>     10.100.0.157

        ver = 0x4       hlen = 0x5      tos = 0x0       tlen = 0x7a
        id = 0x63e      flags = 0x40    frag off=0x0
        ttl = 0x3e      proto=0x11      chksum = 0x2a85

        -- UDP --
                source port = 0x202     dest port = 0x202
                len = 0x66      checksum = 0xd03d

 

при замене на 

debug packet private src 30.30.30.30 dst 10.100.0.157 proto udp dport 514

-- молчание

 

Буду благодарен за любые подсказки.

Edited by evghoul

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Followers 0
Go to topic listing Активное оборудование Ethernet, IP, MPLS, SDN/NFV...