> > We ended up nating the Public IPs to themselves on the DMZ.

> I'm confused - you isolated this as being the problem or the solution?
> :-)

That was the solution.  If we had Nat turned off on the DMZ, the computers
with multiple IPs on the same interface would only get traffic from the
Internet on their primary IP.


> With Cisco, the key is knowing *exactly* what you're buying.  They have
> made the equipment + IOS feature set puzzle rather frightening as of
> late.   I've used all cisco gear for the past 7 years, and I love it -
> and have done some very complicated configs (especially with the PIX).
> The failover in the PIX is one of the best implemented I've ever come
> had the pleasure of relying on.

This is my first experience with PIX.  We primarily use 7206VXRs (for 5 to 6
years) on our network terminating T1 and DS3 leased lines utilizing
frame-relay, HDLC, and ATM protocols.  I have managed to come across 3-4
bugs that Cisco had yet to come across on the 7200 series platform.  I have
to admit that most of the support personnel Cisco contracts have good
knowledge (much better than mine), but I have yet to have one come to a
different conclusion on a problem than myself or my primary technician.
Anyways, the network is running stable now, and as long as the new IOS put
on those bad boys 2.5 months ago doesn't have any memory leaks, I will be
happy. ;)

Gilbert

---
[ This E-mail was scanned for viruses by Phoenix Internet ]
[ Phoenix Internet www.phoenixinternet.net ]