PIX Firewall Version 6.3(4)

PIX Device Manager Version 3.0(2)

Here's what I want to accomplish...

Internal network =

Remote network =

Need remote machine ( to connect through PIX to local machine ( Remote network is directly connected to PIX via Cat-5.

How do I configure the PIX to allow this?


Collin Clark Mon, 07/27/2009 - 11:24

Create a static-

static (inside,outside) [outside ip] netmask

Then add an entry in your ACL to allow the ports in.

access-list outside_access permit tcp host host [outside ip] eq 80

The [outside ip] should be in the same subnet as your outside interface (I believe it's 12.34.56.x).

Hope that helps.

Collin Clark Mon, 07/27/2009 - 11:51

Looks good. Sometimes you have to do a clear xlate before it will work. Note that a clear xlate will clear all NAT translations! Also check the hit counts on the ACL.
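
An added example (not part of the thread and not Cisco tooling): a small Python check that ties together the static, the ACL entry and the hit-count advice from the replies above. For each `static` in a PIX 6.3-style config it reports whether an ACL bound to that interface permits the mapped address, and whether `show access-list` has recorded any hits. The config text, the `show access-list` output and every address are constructed samples, and only permit entries with a `host` destination are parsed.

```python
import re

# Constructed PIX 6.3-style config; all addresses are documentation ranges.
CONFIG = """\
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.11 10.1.1.11 netmask 255.255.255.255 0 0
access-list outside_access permit tcp host 198.51.100.5 host 192.0.2.10 eq www
access-group outside_access in interface outside
"""

# Constructed "show access-list" output for the same device.
SHOW_ACL = """\
access-list outside_access; 1 elements
access-list outside_access line 1 permit tcp host 198.51.100.5 host 192.0.2.10 eq www (hitcnt=0)
"""

STATIC_RE = re.compile(r"^static \(\w+,(\w+)\) (\S+) \S+ netmask \S+", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)
# Simplification: only entries whose destination is "host <ip>" are handled.
ACE_RE = re.compile(r"^access-list (\S+) (?:line \d+ )?permit \S+ "
                    r"(?:any|host \S+|\S+ \S+) host (\S+)(.*)$", re.M)


def audit(config, show_acl):
    """Map each static's outside (mapped) address to a status string."""
    bound = {ifc: name for name, ifc in GROUP_RE.findall(config)}
    hits = {}
    for name, dst, rest in ACE_RE.findall(show_acl):
        m = re.search(r"\(hitcnt=(\d+)\)", rest)
        if m:
            hits[(name, dst)] = hits.get((name, dst), 0) + int(m.group(1))
    status = {}
    for ifc, mapped in STATIC_RE.findall(config):
        acl = bound.get(ifc)  # ACL applied inbound on the static's outside interface
        permitted = any(n == acl and d == mapped
                        for n, d, _ in ACE_RE.findall(config))
        if acl is None:
            status[mapped] = "no access-group on interface"
        elif not permitted:
            status[mapped] = "no permit entry"
        elif hits.get((acl, mapped)) == 0:
            status[mapped] = "permitted, zero hits"  # traffic never reached the ACL
        else:
            status[mapped] = "permitted"
    return status


if __name__ == "__main__":
    print(audit(CONFIG, SHOW_ACL))
```

A "permitted, zero hits" result points upstream of the PIX (routing or another device's filter) rather than at the static or ACL itself.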

Collin Clark Mon, 07/27/2009 - 11:55

Can you throw a little diagram together w/IP's (hide any public)? I thought the client was local on the outside interface? Any hits on the ACL?

Take a look at the attached image. I tried to make it as accurate as possible. The rules on the PIX allow all traffic from the network. The rules on the 2600 only allow traffic from the network through, one-way, toward the network. I'm open to suggestions. This configuration worked perfectly for a number of years until the week before last. Thanx.

Collin Clark Mon, 07/27/2009 - 13:22

What changed in the past two weeks that you know of? In the 2600 do you see traffic come through? Any hits on the ACL on the PIX/ASA?
