I have a Pix 515e running PIX Version 8.0(3) and ASDM 6.0. The PIX has three interfaces (outside, inside, and backup.) The backup interface is an interface card connected to my secondary ISP. I've got the PIX set up for route tracking on my primary ISP on the outside interface, so when it 'goes down', the PIX routes all traffic through to my secondary ISP via the "backup" interface. This all works great. I've duplicated my VPNs on the backup interface, and they all work fine when running on the secondary ISP. I've duplicated the statics that I already had in place on the outside interface (which all work fine) over to the backup interface. The new statics use global IPs provided by my backup ISP of course.
The problem is that one of these "mirrored" statics (for outside access to an internal server) does not work. This is odd because I have other "duplicates" configured in exactly the same way that work fine. When I run Packet tracer it tells me the the packet is "allowed" and I get a hit on the access rule. But when I try it for real I don't even get a hit on the access rule. I'm positive it's not a syntax error in the static statement the or ACL, and I know the IP address I'm trying to use for this particular static is good. I am approaching my wit's end. My cisco skills are not the greatest. Does anyone have any ideas as to why this won't work, or how I might troubleshoot this? They would be appreciated greatly! Thanks.
a posted config would help
9 years 6 months ago #30450