01-09-2008 09:43 AM - edited 03-11-2019 04:45 AM
Hi all,
Lets look my configuration:
static(inside,outside) tcp 23.56.67.78 www 192.168.1.2 www netmask 255.255.255.255
static (inside,outside) tcp 23.56.67.78 smtp 192.168.1.3 smtp netmask 255.255.255.255
access-list out_in permit tcp any host 23.56.67.78 eq www
access-list out_in permit tcp any host 23.56.67.78 eq smtp
access-list out_in applied on outside interface.
Port redirection is working well for SMTP traffic but not working for WWW.
When i check show connection, it shows me that traffic of port 80 reached to my PIX with flags SaAB.
Any help will be highly appreciated.
Thanks
01-09-2008 10:08 AM
what is the output of show xlate?
also, 23.56.67.78 isn't the IP of the outside interface, is it?
01-12-2008 04:03 AM
Yes 23.56.67.78 is not the outside interface, its our MX record.
Show conn lport 80
TCP out x.y.z:1234 in 23.56.67.78:80 flags SaAB
01-14-2008 07:53 AM
SaAb Means a Syn has been sent but the firewall is waiting for an ack.
In other words there is no return traffic passing thru the firewall. Maybe there's not an active webserver or the packet is beeing droppped between the firewall and webserver.
If the server is in an directly connected network thats unlikely tho.
Make sure there is a active web server on 192.168.1.2 that is active on port 80, and has the correct ip configuration.
01-14-2008 10:22 AM
Thanks for your suggestion.
My web server is active, I can access from inside network.
I feel there is some routing issues for not reaching back to the firewall.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide