Internet Access, PIX firewall Catalyst 2960

Unanswered Question
Jun 19th, 2007


I had a question regarding a PIX 506e firewall and a Catalyst 2960 switch and setting up internet access. Everything worked fine before I decided to subnet the internal network, I had it set up so the internet can be used and RDP can be passed through the firewall, ever sense I decided to subnet the network, I can still get RDP to pass through the firewall but I can not connect to the internet inside the network. Any advice would be much appreciated, thanks in advance!

Greg LePage

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pstebner1 Tue, 06/19/2007 - 10:57

Hi Greg-

It sounds like maybe you need an internal route on your PIX. How did you subnet, and what is the topology of your network?


sbsi_cisco Tue, 06/19/2007 - 13:41

Here is the scenario, I will try to describe it the best I can without confusing anyone. The current network I am building has been sub netted to the following;

Domain Controller 1: /

Domain Controller 2: /

Terminal Services 1: /

Terminal Services 2: /

Encrypted File System: /

On the terminal services I am using both the NICs to segment the network, so therefore they use the IP/SUB / & .21

I set up the PIX firewall to allow RDP connections to both TS1 and TS2. Now the issue I am having, is before I sub netted the network I could get both RDP connections and internet connections inside the internal network, however after doing what I described above I can still RDP into the network from the outside, but I can?t use the internet while inside. It?s weird because as soon as I change the subnet back to the internet works.

Sorry if this was confusing and thanks for your help!

-Greg LePage

JORGE RODRIGUEZ Tue, 06/19/2007 - 13:45

are your newly created subnets properly nat-ted for outbound internet access in the firewall?

pstebner1 Tue, 06/19/2007 - 14:24

You would have:

global (outside) 1 interface

nat (inside) 1

If you have this already, please post a config if you can.




This Discussion