PIX 501 Rule Config

Unanswered Question
Jun 8th, 2009

I have been asked to a PIX 501 between our lan and a database server (on the same lan) to allow access to certain ports.

I have configured it with two test PCs and set up a rule to allow RDP but I cannot get access.

I have attached the running config and a basic diagram of the test setup. If someone could tell me where I am going wrong I would be grateful.

Jon Marshall Mon, 06/08/2009 - 03:03


I can't view the diagram (perhaps post as .jpg/.png) but from the config I am confused.

Your 2 PCs are

name TestPC

name TestPC2

your pix interfaces are

ip address outside

ip address inside

So both your PCs are on the same network, i.e. 192.168.1.x. So they will not go through the PIX to communicate with each other. If you have physically set it up so one PC is connected to the outside of the PIX and the other to the inside then this will never work with your current setup.

You have applied this acl to your outside interface -

access-list outside_access_in permit tcp host TestPC2 host TestPC eq 3389

but TESTPC2 is not in the 192.168.0.x network that the outside interface is in.

Perhaps you could clarify the layout, i.e. post a .jpg/.png and the IP address of TESTPC2?
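The two checks in the reply above, as an added example that is not part of the original post: a small audit that reads PIX 6.x-style lines and flags host-to-host ACL entries whose endpoints share a subnet, or whose source is outside the network of the interface the ACL is bound to. The host addresses, the `access-group` line and the function names are assumptions; only the 192.168.0.x and 192.168.1.x networks come from the thread.

```python
import ipaddress

# Constructed PIX 6.x-style sample. Host addresses are assumptions; only the
# 192.168.0.x (outside) and 192.168.1.x (PCs) networks come from the thread.
SAMPLE_CONFIG = """\
name 192.168.1.10 TestPC
name 192.168.1.20 TestPC2
ip address outside 192.168.0.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
access-list outside_access_in permit tcp host TestPC2 host TestPC eq 3389
access-group outside_access_in in interface outside
"""

def parse(config):
    """Collect name aliases, interface networks, host-to-host ACEs and ACL bindings."""
    names, nets, aces, bound = {}, {}, [], {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 3 and t[0] == "name":
            names[t[2]] = t[1]
        elif len(t) >= 5 and t[:2] == ["ip", "address"]:
            nets[t[2]] = ipaddress.ip_interface(f"{t[3]}/{t[4]}").network
        elif len(t) >= 5 and t[0] == "access-group":
            bound[t[1]] = t[4]
        elif t and t[0] == "access-list":
            hosts = [t[i + 1] for i in range(len(t) - 1) if t[i] == "host"]
            if len(hosts) == 2:
                aces.append((t[1], hosts[0], hosts[1]))
    return names, nets, aces, bound

def audit(config):
    """Return (finding, acl, src, dst) tuples for the two problems described above."""
    names, nets, aces, bound = parse(config)
    findings = []
    for acl, src, dst in aces:
        s = ipaddress.ip_address(names.get(src, src))
        d = ipaddress.ip_address(names.get(dst, dst))
        # Hosts in one subnet talk directly and never reach a routed firewall.
        if any(s in net and d in net for net in nets.values()):
            findings.append(("same-subnet", acl, src, dst))
        # For directly attached hosts, the source must sit in the bound interface's network.
        iface = bound.get(acl)
        if iface in nets and s not in nets[iface]:
            findings.append(("source-not-on-interface", acl, src, dst))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The second check only applies to hosts attached directly to the interface, as in this test setup; sources reached through a router behind the outside interface would legitimately fall outside its network.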


Jamesy281 Mon, 06/08/2009 - 04:01

Hi Jon,

Thanks for the quick reply,

I had to assign the to outside interface as the outside and inside interface cannot have an address in the same IP range.

To complete the test I need to have connect to via the firewall using an ACL rule.


Jamesy281 Thu, 06/25/2009 - 00:51

Hi Jon,

Forgetting the info from my test, can you see any way to firewall traffic from the LAN to the DB server also on the same LAN using the PIX 501?

