> It would help if you posted the config. :-)
The configuration has some sensitive information in it...
It is a PIX515E w/DMZ (3 physical interfaces)
1. The web server is on the DMZ (interface 3). The DMZ allows for the whole
subnet (only the web server is on the dmz) PING, FTP, HTTP, and HTTPS from
the Internet (interface 1).
2. The DMZ and the local net (interface 2) are unrestricted to each other.
3. The local net is uses PAT.
4. NAT is disabled for the DMZ, all servers utilize public IPs (One server,
multiple IPs for SSL).
5. I can ping all of the IPs from the local net on the DMZ.
6. I can only ping the primary IP on the web server from the Internet. The
same goes for TCP traffic. I can only make connections to the primary IP.
7. I put a monitor on the web server to see if any traffic destined to the
secondary IPs is seen. All traffic from the Internet to the secondary IPs
is being blocked.
8. Moved one of the secondary IPs off of the server to a second machine.
That IP is reachable as soon as it is moved to the second machine.
Somehow I think it has something to do with the ARP cache. I am clueless at
this point.
Gilbert
---
[ This E-mail was scanned for viruses by Phoenix Internet ]
[ Phoenix Internet
www.phoenixinternet.net ]
(text/plain)