PIX...

Unanswered Question

PIX-501

PIX Firewall Version 6.3(4)

PIX Device Manager Version (3.0(2)

Here's what I want to accomplish...

Internal network = 192.168.1.0

Remote network = 12.34.56.0

Need remote machine (12.34.56.78) to connect through PIX to local machine (192.168.1.1). Remote network is directly connected to PIX via Cat-5.

How do I configure the PIX to allow this?

Thanx.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Mon, 07/27/2009 - 11:24

Create a static-

static (inside,outside) [outside ip] 192.168.1.1 netmask 255.255.255.255

Then add an entry in your ACL to allow the ports in.

access-list outside_access permit tcp host 12.34.56.78 host [outside ip] eq 80

The [outside ip] should be in the same subnet as your outside interface (I believe it's 12.34.56.x).

Hope that helps.

Collin Clark Mon, 07/27/2009 - 11:51

Looks good. Sometimes you have to do a clear xlate before it will work. Note that a clear xlate will clear all NAT translations! Also check the hit counts on the ACL.

Collin Clark Mon, 07/27/2009 - 11:55

Can you throw a little diagram together w/IP's (hide any public)? I thought the client was local on the outside interface? Any hits on the ACL?

Take a look at the attached image. I tried to make it as accurate as possible. The rules on the PIX allow all traffic from the 10.20.30.0 network. The rules on the 2600 only allow traffic from the 10.20.30.0 network through, one-way, toward the 192.168.1.0 network. I'm open to suggestions. This configuration worked perfectly for a number of years until the week before last. Thanx.

Attachment: 
Collin Clark Mon, 07/27/2009 - 13:22

What changed in the past two weeks that you know of? In the 2600 do you see traffic come through? Any hist on the ACL on the PIX/ASA?

Actions

This Discussion