08-27-2008 01:02 AM
Hi,
I have a PIX 506E with OS 6.3(5). I have only one public IP address, which I assigned to the PIX outside interface. I also NATed this public IP address to the mail server running Exchange Server 2003.
I discovered I could not access PDM anymore after NATing the mail server's internal IP address to the PIX outside IP address.
What can I do in a case like this, where I have only one public IP address that has to be used for both the PIX outside interface and the mail server?
See my config below.
name 192.168.16.1 Server
access-list outside_access_in permit tcp any host 217.x.x.237 eq https
access-list outside_access_in permit tcp any host 217.x.x.237 eq smtp
access-list outside_access_in permit tcp any host 217.x.x.237 eq www
ip address outside 217.x.x.237 255.255.255.248
ip address inside 192.168.16.254 255.255.255.0
static (inside,outside) tcp 217.x.x.237 www Server www netmask 255.255.255.255 0 0
static (inside,outside) tcp 217.x.x.237 https Server https netmask 255.255.255.255 0 0
static (inside,outside) tcp 217.x.x.237 smtp Server smtp netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_out in interface inside
When I disable PDM with the "no http server enable" command, OWA works. But when I re-enable PDM, OWA stops working.
Any ideas on the reason for this?
Regards.
08-27-2008 01:54 AM
The PDM listens on port 443, so if you are forwarding that port onto an internal web server, the firewall will be unable to listen for PDM connections.
It might be better to configure for PDM connections on the "inside" interface.
HTH.
08-27-2008 04:59 AM
Thank you for your prompt response.
How do I configure for PDM connections on the "inside" interface?
Regards.
08-27-2008 05:09 AM
http server enable
http x.x.x.x y.y.y.y inside
x.x.x.x = inside IP subnet
y.y.y.y = subnet mask.
So for example
http 192.168.0.0 255.255.0.0 inside
Now if you have remote VPN configured, you will be able to use PDM from your VPN connection as long as the IP pool for the remote VPN is in 192.168.0.0, for example.
Or you could just open an RDP session to an internal server, then run PDM from that server.
HTH.
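The clash described in this thread is easy to reintroduce later (someone re-enables PDM, or adds an `http ... outside` line for "remote management"). The following script is an added example, not code from the thread or from Cisco: it reads a PIX 6.x style configuration and flags the case where `http server enable` has PDM answering on TCP/443 on an interface while a `static (inside,outside) tcp <if-ip> https ...` forwards the same port on that interface's own address. It follows the model the reply above implies (PDM answers on the interfaces named in `http <net> <mask> <if>` entries, with `inside` as the default interface); the regexes, the two sample configurations and the public address 198.51.100.237 are constructed for this example.

```python
import re

# Only the PIX 6.x lines this check cares about. Regexes are constructed for this example.
IFACE_RE = re.compile(r"^ip address (?P<name>\S+) (?P<ip>\S+) (?P<mask>\S+)$")
STATIC_RE = re.compile(
    r"^static \((?P<real_if>\S+),(?P<mapped_if>\S+)\) tcp (?P<mapped_ip>\S+) "
    r"(?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+) netmask"
)
HTTP_RE = re.compile(
    r"^http (?P<ip>\d+(?:\.\d+){3}) (?P<mask>\d+(?:\.\d+){3})(?: (?P<iface>\S+))?$"
)
HTTPS_PORTS = {"443", "https"}


def parse_pix(config):
    """Collect interface addresses, static PATs and the PDM http settings."""
    ifaces, statics, http_entries = {}, [], []
    http_enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "http server enable":
            http_enabled = True
        elif m := IFACE_RE.match(line):
            ifaces[m["name"]] = m["ip"]
        elif m := STATIC_RE.match(line):
            statics.append(m.groupdict())
        elif m := HTTP_RE.match(line):
            # PIX 6.x: the interface argument defaults to inside when omitted.
            http_entries.append((m["ip"], m["mask"], m["iface"] or "inside"))
    return ifaces, statics, http_enabled, http_entries


def mask_bits(mask):
    """Dotted-quad netmask -> prefix length (0.0.0.0 -> 0, 255.255.255.0 -> 24)."""
    return bin(int.from_bytes(bytes(int(o) for o in mask.split(".")), "big")).count("1")


def check_pdm_conflicts(config):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    ifaces, statics, http_enabled, http_entries = parse_pix(config)
    pdm_ifaces = {iface for _, _, iface in http_entries} if http_enabled else set()
    findings = []
    # 1. PDM and a port-forward both claiming TCP/443 on an interface's own address.
    for s in statics:
        own_ip = ifaces.get(s["mapped_if"])
        if (s["mapped_if"] in pdm_ifaces and s["mapped_ip"] == own_ip
                and s["mapped_port"] in HTTPS_PORTS):
            findings.append(
                f"PDM and the static PAT to {s['real_ip']} both claim TCP/443 on "
                f"{s['mapped_if']} address {own_ip}; the thread reports OWA stops answering"
            )
    # 2. Management reachable from somewhere other than inside, or from any source at all.
    for ip, mask, iface in http_entries:
        if iface != "inside":
            findings.append(f"PDM management allowed on {iface} from {ip}/{mask_bits(mask)}; keep it on inside")
        if mask_bits(mask) == 0:
            findings.append(f"PDM management open to any source on {iface}; restrict to the admin subnet")
    return findings


# Constructed sample configs modelled on the thread (public IP replaced with a TEST-NET address).
BROKEN_CONFIG = """\
name 192.168.16.1 Server
ip address outside 198.51.100.237 255.255.255.248
ip address inside 192.168.16.254 255.255.255.0
static (inside,outside) tcp 198.51.100.237 www Server www netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.51.100.237 https Server https netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.51.100.237 smtp Server smtp netmask 255.255.255.255 0 0
http server enable
http 0.0.0.0 0.0.0.0 outside
"""

FIXED_CONFIG = BROKEN_CONFIG.replace("http 0.0.0.0 0.0.0.0 outside",
                                     "http 192.168.16.0 255.255.255.0 inside")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_pdm_conflicts(cfg) or "no findings")
```

Run against the fixed configuration (PDM reachable only from the inside subnet) the checker returns nothing; against the broken one it reports the 443 clash on the outside address plus the exposed, unrestricted management entry.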