On 10/01/2009 09:34 PM, kirt wrote:
> Maybe I'm missing something, but for whatever stupid reason, I can't figure
> this out.
> Currently, my network is something like this...
> remote sites (dedicated connections over cisco routers) (10.3.128.0 and
> main LAN at my building (10.3.0.0/17)
> core router (inside 10.3.0.1 - outside 10.1.0.1)
> iPrism web filter (10.1.0.2)
> Cisco PIX (10.1.0.3)
> From machines on the LAN, I cannot ping 10.1.0.4 at all.
> From the m0n0wall, I can ping all the other 10.1.0.x addresses
This is similar to a setup I run for a friend.
- Add a rule on the 10.1.0.x interface to allow tcp/80 from 10.3.0.0/17
  or wherever you want to manage it from.
- Add the route to 10.3.0.0/17 (and 10.3.128.0/17-blocks). I assume
  you've done so, but better ask than not.
I just recently replaced the particular 1.11 box with something more
recent. It's been up continuously since 1.11 got published.
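
Added example, not part of the original messages: a small Python model of the two checks the reply lists, showing that a LAN host reaches the m0n0wall only when a pass rule matches and the reply is routed back through the core router (10.1.0.1). The /24 mask, the default gateway (taken here to be the PIX at 10.1.0.3), and all function and variable names are assumptions for illustration.

```python
import ipaddress

# Addresses from the thread; mask and default gateway are assumptions.
M0N0_IF = ipaddress.ip_interface("10.1.0.4/24")    # /24 is assumed
CORE_ROUTER = ipaddress.ip_address("10.1.0.1")     # core router, outside address
DEFAULT_GW = ipaddress.ip_address("10.1.0.3")      # assumed: the PIX

# The two items from the reply, as constructed sample data.
RULES = [{"src": "10.3.0.0/17", "proto": "tcp", "dport": 80}]
ROUTES = [("10.3.0.0/17", "10.1.0.1"), ("10.3.128.0/17", "10.1.0.1")]

def next_hop(dst, static_routes, default_gw=DEFAULT_GW):
    """Longest-prefix match over the connected net and static routes."""
    dst = ipaddress.ip_address(dst)
    table = [(M0N0_IF.network, None)]  # None = directly connected
    table += [(ipaddress.ip_network(n), ipaddress.ip_address(g))
              for n, g in static_routes]
    matches = [(net.prefixlen, gw) for net, gw in table if dst in net]
    if not matches:
        return default_gw              # no specific route: use the default
    gw = max(matches, key=lambda m: m[0])[1]
    return dst if gw is None else gw

def rule_allows(src, proto, dport, rules):
    """Pass rules on the 10.1.0.x interface; anything unmatched is dropped."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(r["src"])
               and proto == r["proto"] and dport == r["dport"]
               for r in rules)

def reachable(src, proto, dport, rules, static_routes):
    """Inbound packet must pass a rule and the reply must return via the core router."""
    return (rule_allows(src, proto, dport, rules)
            and next_hop(src, static_routes) == CORE_ROUTER)

if __name__ == "__main__":
    host = "10.3.0.50"  # constructed LAN host
    print("no static route:", next_hop(host, []), reachable(host, "tcp", 80, RULES, []))
    print("with routes:    ", next_hop(host, ROUTES), reachable(host, "tcp", 80, RULES, ROUTES))
```
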