Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1238
Views
0
Helpful
5
Replies

Problem with pix 501

n.ruggero
Level 1
Level 1

‎01-15-2002 07:08 AM - edited ‎02-20-2020 09:57 PM

I have installed a pix 501 to protect my web and mail servers inside a network divided in two lan

192.168.1.0/24 (the secure one-inside)

192.168.2.0/24 (outside)

I have many client on 192.168.2.x (outside) and I want to control access to my web and mail servers by the intranet

The outbound interface is is directly connected to a hub-port on which I have also my pc client

The Intbound interface is is directly connected to a hub-port on which I have also my servers

Mail server have Ip 192.168.1.30/24

Www server have Ip 192.168.1.23/24

When I try to connect to my servers from any pc on lan 192.168.2.x to take mail or browse I have no response without error messages on firewall

The firewall configuration is:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list 100 permit tcp any host 192.168.2.30 eq pop3

access-list 100 permit tcp any host 192.168.2.30 eq smtp

access-list 100 permit tcp any host 192.168.2.23 eq www

interface ethernet0 10baset

interface ethernet1 10full

ip address outside 192.168.2.40 255.255.255.0

ip address inside 192.168.1.40 255.255.255.0

global (outside) 1 192.168.2.100-192.168.2.110

global (outside) 1 192.168.2.111

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 192.168.2.30 192.168.1.30 netmask 255.255.255.255 0 0

static (inside,outside) 192.168.2.23 192.168.1.23 netmask 255.255.255.255 0 0

access-group 100 in interface outside

There is anyone that can help me?

Thanks

0 Helpful
5 Replies 5

turnbull
Level 1
Level 1

‎01-16-2002 01:57 AM

try " sysopt noproxyarp inside "

0 Helpful

KEVIN STEWART
Level 1
Level 1

‎01-17-2002 08:22 AM

Depending on the License, I thought the PIX 501 was limited to either 10 or 50 users, I am not entirely sure how this is enforced, but you might be hitting this limit...show version will show you the limit..

0 Helpful

acallegari
Level 1
Level 1
In response to KEVIN STEWART

‎01-19-2002 06:47 AM

s

0 Helpful

ajd
Level 1
Level 1

‎01-20-2002 08:02 PM

hubs dont do full duplex =)

set the interfaces to auto of 10half.

-ne1secure?

0 Helpful

n.ruggero
Level 1
Level 1

‎01-21-2002 12:19 AM

Thanks to all

I've resolved my problem adding a static Route to my server Mail/Web

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card