Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
4
Replies

PIX 501 Rule Config

Jamesy281
Level 1
Level 1

‎06-08-2009 02:23 AM - edited ‎03-11-2019 08:40 AM

I have been asked to a PIX 501 between our lan and a database server (on the same lan) to allow access to certain ports.

I have configured it with two test PCs and set up a rule to allow RDP but I cannot get access.

I have attached the running config and a basic diagram of the test setup if someone could tell me where I am going wrong I would be grateful.

Labels:
Preview file
2 KB
Preview file
3 KB
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎06-08-2009 03:03 AM

James

I can't view the diagram (perhaps post as .jpg/.png) but from the config i am confused.

Your 2 pc's are

name 192.168.1.52 TestPC

name 192.168.1.2 TestPC2

your pix interfaces are

ip address outside 192.168.0.1 255.255.255.0

ip address inside 192.168.1.144 255.255.255.0

so both your PC's are on the same network ie. 192.168.1.x. So they will not go through the pix to communicate with each other. If you have physically set it up so one PC is connected to the outside of the pix and the other to the inside then this will never work with your current setup.

You have applied this acl to your outside interface -

access-list outside_access_in permit tcp host TestPC2 host TestPC eq 3389

but TESTPC2 is not in the 192.168.0.x network that the outside interface is in.

Perhaps you could clarify the layout ie. post a .jpg/.png and the IP address of TESTPC2 ?

Jon

0 Helpful

Jamesy281
Level 1
Level 1
In response to Jon Marshall

‎06-08-2009 04:01 AM

Hi Jon,

Thankis for the quick reply,

I had to assign the 192.168.1.0.1 to outside interface as the ouside and inside interface cannot have an address in the same IP range.

To complete the test I need to have 192.168.1.2 connect to 192.168.1.152 via the firewall using an ACl rule.

Thanks.

Preview file
2 KB
0 Helpful

Jamesy281
Level 1
Level 1
In response to Jamesy281

‎06-08-2009 04:04 AM

Sorry here is the correct drawing

Preview file
17 KB
0 Helpful

Jamesy281
Level 1
Level 1
In response to Jamesy281

‎06-25-2009 12:51 AM

Hi Jon,

Forgetting the info from my test can you see any way to firewall traffic from the lan to the DB server also on the same lan using the PIX 501?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card