host to host communication in PIX 7.1(1)

Greetings

Attached is my sample network security setup. My network is actually a closed network which is not connected to the outside world, but we are attached to a number of untrusted networks, and my requirement is to provide connectivity based on host-to-host communication.

In this regard I am facing a problem with the PIX Firewall.

If I issue the command

access-list 101 extended permit tcp host 192.168.100.1 host 172.16.2.29 eq 6002

(I am using 172.16.2.29 as the static NAT address for 192.168.100.1)

then the communication does not go through the firewall, but if I issue the command

access-list 101 extended permit tcp any host 172.16.2.29 eq 6002

then everything works fine and the communication goes through without any issue.

The PIX Firewall version I am using is 7.1(1).

Please keep in mind that I have used only one host as a sample; the same applies to the other untrusted hosts, where I am facing the same problem.

Thanks in advance for the answer.

Mansoor

2 REPLIES

Re: host to host communication in PIX 7.1(1)

Since you are using static NAT, you need to allow traffic to the pre-NAT'd IP (the host address visible to other hosts).

What is the source address of the host that will initiate the traffic to 172.16.2.29 on port 6002?


Re: host to host communication in PIX 7.1(1)

The source address that will always initiate the traffic to 172.16.2.29 is 172.16.2.22.
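Added configuration example, not from the original post or either reply. It puts together the pieces the thread gives (static NAT 192.168.100.1 to 172.16.2.29, TCP port 6002, initiator 172.16.2.22) and shows the two ACLs as posted next to a host-to-host version. The interface names inside/outside, the security levels and the interface IP addresses are assumptions. On PIX 7.x an ACL applied inbound on the outside interface is checked against the packet as it arrives on that interface, that is, the real address of the untrusted host as source and the mapped (global) address 172.16.2.29 as destination; the inside real address 192.168.100.1 never appears in that packet, which is why an entry with it as source matches nothing while `any` matches everything.

```text
! Added example, not from the original post. Interface names, security
! levels and interface addresses are assumed; hosts and port are from the thread.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 172.16.2.1 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.254 255.255.255.0
!
! Static NAT as described in the post: inside real 192.168.100.1 is
! reachable from the untrusted side as 172.16.2.29.
static (inside,outside) 172.16.2.29 192.168.100.1 netmask 255.255.255.255
!
! As posted, does not work: the source is the inside host's own real
! address, so an inbound packet from the untrusted side
! (src 172.16.2.22, dst 172.16.2.29) never matches this entry.
! access-list 101 extended permit tcp host 192.168.100.1 host 172.16.2.29 eq 6002
!
! As posted, works, but every untrusted host can now reach port 6002,
! which defeats the host-to-host requirement.
! access-list 101 extended permit tcp any host 172.16.2.29 eq 6002
!
! Host-to-host version: the untrusted initiator named in the thread as
! source, the mapped address as destination. Add one line per permitted pair.
access-list 101 extended permit tcp host 172.16.2.22 host 172.16.2.29 eq 6002
!
! Bind the ACL inbound on the untrusted interface.
access-group 101 in interface outside
```

To check it, have 172.16.2.22 open a connection to 172.16.2.29:6002 and run `show access-list 101`; the hitcnt on the host-to-host entry should increment. `show xlate` confirms the static translation for 192.168.100.1 is present. Only one ACL can be bound inbound per interface with `access-group`, so make sure 101 is the one applied to outside. Note that this mapped-address rule is specific to PIX and to ASA releases before 8.3; from ASA 8.3 onward ACLs reference the real (untranslated) address instead.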
