I have a new 501 running 6.3(5) with a 10 user license. I have a network of 25 computers running local applications, we only need internet access through the firewall for 8 of the workstations. The setup is internet-DSL modem-PIX-switch. I have it up and connected, but I have issues:

1. Hosts that are not going to the internet are hitting the PIX and apparently taking up license slots -- if these hosts have their default gateway removed or altered, will this fix the problem?
2. One host simply can't access webpages although I can ping from it to the 'net. This machine works fine with my old firewall, I can't come up with theories why this is happening (the show local-host says I have available spots..)
3. The show local-host print out says I only have 8 maximum active connections, shouldn't that say 10?

TIA
One way to limit the hosts that can access the Internet is to statically assign addresses to the permitted hosts in a permitted NAT range, and set up DHCP for everyone else outside of the permitted NAT range.
I've also had issues with Internet access to some sites due to the default behavior of the DNS check. It kills all DNS packets longer than 512 bytes (and some DNS clients use larger request packets).
Try resetting the DNS inspect maximum-length to 1500 bytes. It worked for me...
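The length check described in the reply above, as an added example that is not part of the original thread: it tests a raw DNS message against an inspection length limit and reads the EDNS0 advertised UDP size, which signals that replies longer than 512 bytes can follow. The function names and the sample queries are constructed for illustration.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, name ends here
            return off + 2
        off += 1 + length

def edns_udp_size(msg):
    """Return the EDNS0 advertised UDP payload size, or None without an OPT record."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:                          # OPT: CLASS field carries the UDP size
            return rclass
        off += 10 + rdlen
    return None

def check(msg, max_length=512):
    """Report whether a length-limiting DNS inspection would pass this message."""
    adv = edns_udp_size(msg)
    return {
        "length": len(msg),
        "passes": len(msg) <= max_length,
        "edns_udp_size": adv,
        # True when the sender accepts replies larger than the firewall allows
        "replies_may_exceed_limit": adv is not None and adv > max_length,
    }

def build_query(name, edns_size=None, pad=0):
    """Constructed sample: an A query, optionally with an OPT record and padding."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += qname + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    if edns_size:
        # EDNS option 12 is Padding (RFC 7830), used here only to grow the query
        rdata = struct.pack("!HH", 12, pad) + b"\x00" * pad if pad else b""
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, len(rdata)) + rdata
    return msg
```

Feeding it the UDP payload bytes of DNS packets captured on each side of the firewall shows which messages a 512-byte limit would drop and which clients are inviting larger replies.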
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...