Hi,
we have 2pix firewalls set as follows;
server --->pix1>---internet---->pix2>------rout
er>---lan
from 'lan', we get to internet and to 'server' no problem.
from server we cannot get to lan.
pix1 allows all outbound and inboubd to server from lan(as per above confirmed).
pix2 allows server inbound to lan + has route statement pointing to router for internal lan. We know route statements work as lan can browse internet.
heres the issue. server cannot reach lan devices, it can reach router which is connected to pix2. If a device on 'lan' pings server behind pix1, server is then able to connect to the device in the lan.
only the devices in lan which ping the server are able to have a session initiated from server to lan device.
This seems very strange. If there is no ping from the lan, traceroutes from the server only go as far as pix1.
fyi - theres no nat, not vpns , this is purely ip with real addresses (no rfc 1918)
does anyone have ideas, this seems perplexing.