515 connectivity problem.....................................


Following on from my previous conversation, as suggested, I am pasting the PIX config for suggestions.

Thanks

PIX Version 5.1(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz1 security10

nameif ethernet3 pix/intf3 security15

nameif ethernet4 pix/intf4 security20

nameif ethernet5 failover security50

hostname pix

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol smtp 25

fixup protocol sqlnet 1521

no fixup protocol rsh 514

names

access-list acl_in permit ip any AAA.AAA.AAA.0 255.255.255.0

access-list acl_in permit ip any BBB.BBB.BBB.0 255.255.255.0

access-list acl_in permit ip any AAA.AAA.AAA.0 255.255.255.0

access-list acl_in permit tcp host AAA.AAA.AAA.130 any eq smtp

access-list acl_in permit ip host AAA.AAA.AAA.130 host CCC.CCC.CCC.38

access-list acl_in permit ip host CCC.CCC.CCC.130 host CCC.CCC.36.49

access-list acl_in permit ip host CCC.CCC.CCC.10 any

access-list acl_in permit ip host DDD.DDD.DDD.25 any

access-list acl_in permit tcp any any eq www

access-list acl_in permit tcp any any eq 8080

access-list acl_in permit tcp any any eq 443

access-list acl_in permit udp any any eq domain

access-list acl_in permit tcp any any eq whois

access-list acl_in permit tcp host DDD.DDD.DDD.138 any eq ftp

access-list acl_in permit tcp host AAA.AAA.AAA.138 any eq ftp-data

access-list acl_in permit tcp host AAA.AAA.AAA.138 any eq ftp

access-list acl_in permit tcp host AAA.BBB.AAA.132 any eq ftp-data

access-list acl_in permit tcp any host AAA.AAA.1.254 eq ftp

access-list acl_in permit tcp any host AAA.AAA.A.254 eq ftp-data

access-list acl_in permit tcp any host AAA.AA.AAA.140 eq ftp

access-list acl_in permit tcp any host AAA.AA.AAA.140 eq ftp-data

access-list acl_in permit tcp any host AAA.CCC.DDD.10 eq ftp

access-list acl_in permit tcp any host AAA.DDD.AAA.10 eq ftp-data

access-list acl_in deny ip any any

access-list acl_in permit ip any any

pager lines 20

logging on

logging timestamp

no logging standby

no logging console

logging monitor debugging

no logging buffered

logging trap warnings

logging history warnings

logging facility 20

logging queue 512

logging host inside AAA.AAA.AAA.149

logging host inside AAA.AAA.AAA.49

interface ethernet0 auto

interface ethernet1 100full

interface ethernet2 auto

interface ethernet3 auto shutdown

interface ethernet4 auto

interface ethernet5 100full

mtu outside 1500

mtu inside 1500

mtu dmz1 1500

ip address outside AA.0.2.2 255.255.255.224

ip address inside AA.168.2.38 255.255.255.224

ip address dmz1 AAA.AAA.AAA.37 255.255.255.252

ip address pix/intf3 0.0.0.0 255.255.255.255

ip address pix/intf4 AAA.168.15.1 255.255.255.0

ip address failover AAA.168.2.253 255.255.255.252

failover

failover timeout 0:00:00

failover ip address outside AA.168.2.3

failover ip address inside AA.168.2.36

failover ip address dmz1 0.0.0.0

failover ip address pix/intf3 0.0.0.0

failover ip address pix/intf4 0.0.0.0

failover ip address failover AAA.168.2.254

failover link failover

arp timeout 240

global (outside) 1 AAA.AAA.AAA.26-AAA.AAA.AAA.28

global (outside) 1 AAA.AAA.AAA.29

nat (inside) 0 AAA.AAA.AAA.0 255.255.255.255 0 0

nat (inside) 0 AAA.AAA.AAA.0 255.255.255.252 0 0

nat (inside) 0 AAA.AAA.AAA.AAA.128 255.255.255.224 0 0

nat (inside) 0 AAA.168.3.0 255.255.255.0 0 0

nat (inside) 1 10.30.1.0 255.255.255.0 0 0

nat (inside) 0 AAA.AAA.AAA.10 255.255.255.0 0 0

nat (inside) 0 AAA.AAA.AAA.11 255.255.255.0 0 0

nat (pix/intf4) 1 AAA.168.15.0 255.255.255.0 0 0

static (dmz1,outside) AAA.AAA.AAA.38 AAA.AAA.AAA.38 netmask 255.255.255.255 0 50 0

static (inside,outside) AAA.AAA.AAA.128 AAA.AAA.AAA.128 netmask 255.255.255.224 0 0

static (pix/intf4,outside) AAA.AAA.AAA.6 10.0.15.5 netmask 255.255.255.255 0 0

static (inside,outside) 10.0.3.0 10.0.3.0 netmask 255.255.255.0 0 0

static (inside,outside) AAA.AAA.AAA.0 AAA.AAA.AAA.0 netmask 255.255.255.224 0 0

access-group acl_in in interface inside

conduit permit tcp AAA.AAA.AAA.128 255.255.255.224 eq 6000 host AAA.AAA.AAA.190

conduit permit tcp AAA.AAA.AAA.128 255.255.255.224 eq ident host AAA.AAA.AAA.253

conduit permit tcp AAA.AAA.AAA.128 AAA.AAA.AAA.224 eq lpd host AAA.AAA.AAA.7

conduit permit tcp host AAA.AAA.AAA.145 eq ftp host AAA.AAA.AAA.190

conduit permit tcp host AAA.AAA.AAA.145 eq ftp-data host AAA.AAA.AAA.190

conduit permit tcp host AAA.AAA.AAA.145 eq ftp host AAA.AAA.AAA.29

conduit permit ip host 10.0.10.10 host AAA.AAA.AAA.145

route outside 0.0.0.0 0.0.0.0 10.0.10.1 1

route inside 10.0.3.0 255.255.255.0 10.0.2.34 1

route inside 10.50.10.0 255.255.255.0 10.0.2.34 1

route inside AAA.AAA.AAA.AAA 255.255.255.224 10.0.2.34 1

route inside 195.206.162.0 255.255.255.224 10.0.2.34 1

timeout xlate 0:03:00 conn 5:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:02:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community pigsinspace

snmp-server enable traps

tftp-server inside AAA.AAA.AAA.153 /pix-confg

no floodguard enable

isakmp identity hostname

telnet AAA.AAA.AAA.128 255.255.255.224 inside

telnet AAA.AAA.AAA..128 255.255.255.224 dmz1

telnet .AAA.AAA.AAA.128 255.255.255.224 pix/intf3

telnet ZZZ.ZZZ.ZZZ.128 255.255.255.224 pix/intf4

telnet ZZZ.ZZZ.ZZZ.128 255.255.255.224 failover

telnet 10.0.15.0 255.255.255.0 pix/intf4

telnet timeout 5


ciscomoderator Wed, 01/30/2002 - 17:18

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen


If anyone else in the forum has some advice, please reply to this thread.


Thank you for posting.

