From: Thunai Selvam (thunai) (thunai@cisco.com)
Date: Mon Jul 24 2006 - 01:45:31 ART
Yes, it's getting translated to itself. But from the IDS point of view,
it is still going to get an IP from the same subnet. I have allowed the
entire subnet on the IDS.
Regds
Thunai
________________________________
From: Thomas E. Cook [mailto:tecook@designsbyt.com]
Sent: Monday, July 24, 2006 6:03 AM
To: Thunai Selvam (thunai)
Subject: RE: IDS with HTTP
I'm going to assume that you "carried your original address thru the
firewall" with the static command. If that's the case and it works then
your problem is probably your trusted users list on the IDS itself. You
will need to add the PAT address of the firewall since that's where your
connections will source from when using PAT.
Thomas
No CCIE number yet...testing in December.
________________________________
From: nobody@groupstudy.com on behalf of Thunai Selvam (thunai)
Sent: Sat 7/22/2006 8:19 PM
To: security@groupstudy.com
Subject: IDS with HTTP
Hi
I have come across the following observation and thought I would
check with the team.
PC ---- PIX ----- IDS
I have enabled HTTP on the IDS instead of HTTPS. I am using PAT for the PC
IP address to the outside IP address of the PIX.
I can ping the IDS IP address from the PIX.
But I am not able to HTTP to the IDS. (I have allowed HTTP on the ACL,
say access-list outside permit tcp any eq 80 any)
However, when I do static translation for the PC IP address, the same
config works.
Any thoughts.
Regds
Thunai
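
In PIX `access-list` syntax, a port operator that follows the source address constrains the source port, which is where `eq 80` sits in the ACL line quoted in the message above. The following is an added example, not part of the thread or any poster's configuration: a minimal matcher that handles only the `any`/`host` address forms and the `eq` operator, run against constructed packets using documentation addresses.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME permit|deny tcp SRC [eq P] DST [eq P]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("only tcp access-list lines are handled")
    ace = {"action": tok[2]}
    i = 4
    for side in ("src", "dst"):
        # Address: 'any' or 'host A.B.C.D' (subset chosen for this example).
        if tok[i] == "any":
            ace[side] = ipaddress.ip_network("0.0.0.0/0")
            i += 1
        elif tok[i] == "host":
            ace[side] = ipaddress.ip_network(tok[i + 1] + "/32")
            i += 2
        else:
            raise ValueError("unsupported address form: " + tok[i])
        # An 'eq PORT' at this position binds to the address just parsed.
        ace[side + "_port"] = None
        if i < len(tok) and tok[i] == "eq":
            ace[side + "_port"] = int(tok[i + 1])
            i += 2
    return ace

def matches(ace, src, sport, dst, dport):
    """True when the packet's addresses and ports all satisfy the entry."""
    return (ipaddress.ip_address(src) in ace["src"]
            and ipaddress.ip_address(dst) in ace["dst"]
            and ace["src_port"] in (None, sport)
            and ace["dst_port"] in (None, dport))

QUOTED = "access-list outside permit tcp any eq 80 any"    # as written in the thread
DST_FORM = "access-list outside permit tcp any any eq 80"  # constructed comparison

# Constructed packets: a browser request to port 80 and the server's reply.
REQUEST = ("192.0.2.10", 40000, "198.51.100.5", 80)
REPLY = ("198.51.100.5", 80, "192.0.2.10", 40000)

def results():
    """Match both ACL forms against both packets, keyed by (form, packet)."""
    return {(name, kind): matches(parse_ace(line), *pkt)
            for name, line in (("quoted", QUOTED), ("dst_form", DST_FORM))
            for kind, pkt in (("request", REQUEST), ("reply", REPLY))}

if __name__ == "__main__":
    for key, hit in results().items():
        print(key, "match" if hit else "no match")
```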
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART