×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problem with pix 501

Unanswered Question
Jan 15th, 2002
User Badges:

I have installed a pix 501 to protect my web and mail servers inside a network divided in two lan


192.168.1.0/24 (the secure one-inside)

192.168.2.0/24 (outside)


I have many client on 192.168.2.x (outside) and I want to control access to my web and mail servers by the intranet

The outbound interface is is directly connected to a hub-port on which I have also my pc client

The Intbound interface is is directly connected to a hub-port on which I have also my servers


Mail server have Ip 192.168.1.30/24

Www server have Ip 192.168.1.23/24


When I try to connect to my servers from any pc on lan 192.168.2.x to take mail or browse I have no response without error messages on firewall


The firewall configuration is:


nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list 100 permit tcp any host 192.168.2.30 eq pop3

access-list 100 permit tcp any host 192.168.2.30 eq smtp

access-list 100 permit tcp any host 192.168.2.23 eq www

interface ethernet0 10baset

interface ethernet1 10full

ip address outside 192.168.2.40 255.255.255.0

ip address inside 192.168.1.40 255.255.255.0

global (outside) 1 192.168.2.100-192.168.2.110

global (outside) 1 192.168.2.111

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 192.168.2.30 192.168.1.30 netmask 255.255.255.255 0 0

static (inside,outside) 192.168.2.23 192.168.1.23 netmask 255.255.255.255 0 0

access-group 100 in interface outside


There is anyone that can help me?


Thanks




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
KEVIN STEWART Thu, 01/17/2002 - 08:22
User Badges:

Depending on the License, I thought the PIX 501 was limited to either 10 or 50 users, I am not entirely sure how this is enforced, but you might be hitting this limit...show version will show you the limit..

ajd Sun, 01/20/2002 - 20:02
User Badges:

hubs dont do full duplex =)

set the interfaces to auto of 10half.


-ne1secure?

n.ruggero Mon, 01/21/2002 - 00:19
User Badges:

Thanks to all

I've resolved my problem adding a static Route to my server Mail/Web



Actions

This Discussion