host to host communication in PIX 7.1(1)

Mansoor Hafeez
Level 1

Greetings

Attached is my sample network security setup. My network is actually a closed network which is not connected to the outside world, but we are attached to a number of untrusted networks, and my requirement is to provide the connection based on host-to-host communication.

In this regard I am facing the problem with the PIX Firewall.

If I issue the command

access-list 101 extended permit tcp host 192.168.100.1 host 172.16.2.29 eq 6002

(I am using 172.16.2.29 as a static NAT address for the 192.168.100.1 address)

then the communication doesn't go through the firewall, but if I issue the command

access-list 101 extended permit tcp any host 172.16.2.29 eq 6002

then everything works fine and communication is done without any issue.

The PIX Firewall version I am using is 7.1(1).

Please keep in mind that I have used only one as a sample; the same applies for the other untrusted hosts. I am facing the same problem.

Thanks in advance for the answer.

Mansoor

2 Replies

froggy3132000
Level 3

Since you are static NATting, you need to allow traffic to the pre-NAT'd IP (host visible to other hosts).

What is the source address of the host that will initiate the traffic to 172.16.2.29 on port 6002?

The source address that will always initiate the traffic for 172.16.2.29 is 172.16.2.22.
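The following is an added example, not code from the thread or from Cisco: a small Python model of how a PIX 7.x interface ACL applied inbound on the outside interface is evaluated against a host published through a static NAT. The addresses (192.168.100.1 real, 172.16.2.29 mapped, 172.16.2.22 as the initiator) and port 6002 come from the posts above; the interface names, the `static` line as modelled, the packet itself and the simplified ACE grammar are assumptions of the example. It runs the three candidate ACL lines (the poster's host-to-host line, the `any` line, and a host-to-host line whose source is the initiator) against the same constructed packet and reports whether the packet is permitted and what its destination is after the static untranslates it.

```python
# Added example (not from the thread): model of PIX/ASA 7.x inbound ACL
# evaluation for a host published through a static NAT. In 7.x the ACL on the
# outside interface is checked against the packet as it arrives (mapped
# destination address), and only then does the static translate the
# destination to the real inside address. Interface names, the static line
# below and the constructed packet are assumptions of this example.
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed: static (inside,outside) 172.16.2.29 192.168.100.1 netmask 255.255.255.255
# Modelled as mapped (outside-visible) address -> real (inside) address.
STATIC_NAT = {"172.16.2.29": "192.168.100.1"}


@dataclass(frozen=True)
class Packet:
    src: str      # source address as seen on the outside wire
    dst: str      # destination address as seen on the outside wire
    proto: str
    dport: int


_ACE = re.compile(r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.+)$")


def _take_address(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ip_network("0.0.0.0/0")
    if tok == "host":
        return ip_network(tokens.pop(0) + "/32")
    return ip_network(f"{tok}/{tokens.pop(0)}", strict=False)


def parse_ace(line):
    """Parse one 'access-list NAME extended permit|deny PROTO SRC DST [eq PORT]' line."""
    m = _ACE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    name, action, proto, rest = m.groups()
    tokens = rest.split()
    src = _take_address(tokens)
    dst = _take_address(tokens)
    dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return {"name": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


def ace_matches(ace, pkt):
    """True when the ACE's protocol, source, destination and port cover the packet."""
    return (ace["proto"] in ("ip", pkt.proto)
            and ip_address(pkt.src) in ace["src"]
            and ip_address(pkt.dst) in ace["dst"]
            and (ace["dport"] is None or ace["dport"] == pkt.dport))


def inbound_outside(acl_lines, pkt):
    """Return (allowed, real_destination) for a packet arriving on outside.

    The list is walked in order; the first matching ACE decides. Traffic that
    matches nothing falls to the implicit deny at the end of the access list.
    Only a permitted packet is handed to the static for untranslation.
    """
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            if ace["action"] == "permit":
                return True, STATIC_NAT.get(pkt.dst, pkt.dst)
            return False, None
    return False, None


# Constructed packet: the initiator named in the thread (172.16.2.22) opening
# TCP/6002 to the published address 172.16.2.29.
PKT = Packet("172.16.2.22", "172.16.2.29", "tcp", 6002)

ORIGINAL_ACL = ["access-list 101 extended permit tcp host 192.168.100.1 host 172.16.2.29 eq 6002"]
ANY_ACL = ["access-list 101 extended permit tcp any host 172.16.2.29 eq 6002"]
HOST_TO_HOST = ["access-list 101 extended permit tcp host 172.16.2.22 host 172.16.2.29 eq 6002"]

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL_ACL), ("any", ANY_ACL), ("host-to-host", HOST_TO_HOST)):
        print(f"{label:13s} -> {inbound_outside(acl, PKT)}")
```

The poster's original line names the inside host's real address 192.168.100.1 as the source, but the packet that reaches the outside interface has the untrusted initiator as its source and the mapped address as its destination, so that ACE never matches and the implicit deny drops the connection. The `any` line matches because it places no constraint on the source; the narrower host-to-host line keeps the least-privilege intent by naming the initiator 172.16.2.22 as the source and the mapped 172.16.2.29 as the destination.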
