627 Views | 9 Helpful | 3 Replies

pix config problem

handley88 (Level 1)

Hi, I am having trouble configuring a 506e firewall which is currently set up in a lab. I think there is a problem with the ACLs or the static routing but I'm not sure, so here is the config.

thanks

Alex

3 Replies

royalblues (Level 10)

Could you please elaborate as to what you are trying to achieve and where you are facing the problem?

Narayan

Sorry, I am trying to allow ICMP and WWW through the firewall to start with. Currently I can ping both interfaces from their sides of the PIX but cannot ping through the PIX.

thanks

Alex

jmia (Level 7)

Try the modified configuration (attached) - I have included only www and smtp access. By default the PIX will allow all connections outbound (higher security interface to lower security interface), but if you need any services such as smtp/www allowed into your internal network then you'll need an ACL and a static for this process.

Make sure that your MX record is pointing to the correct public IP address which is bound to the outside interface for smtp, and likewise for www access.

Also, note - if you only have the one public IP address and this is being used by the outside interface then you can substitute the ACLs and statics as such:

access-list outside_in permit tcp any host 194.74.152.163 eq smtp
access-list outside_in permit tcp any host 194.74.152.163 eq www
access-group outside_in in interface outside
static (inside,outside) tcp interface smtp smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www www netmask 255.255.255.255 0 0

After the modifications, issue write mem and also issue clear xlate.

To test for connectivity via the PIX, configure the following on the outside interface:

access-list outside_in permit tcp any host 194.74.152.163 eq smtp
access-list outside_in permit tcp any host 194.74.152.163 eq www
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded
access-group outside_in in interface outside

You should take the icmp commands out when you have finished testing.

Again, save with write mem and also issue clear xlate.

Hope this helps and if you need any further help then let us know.

Please rate posts if it helps!!!
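The two points the reply above makes (outbound is allowed by default, inbound needs an ACL permit on the outside interface plus a static, and ICMP replies must be permitted explicitly for the ping test) can be seen in a small model of the PIX 6.x forwarding decision. The following is an added example written for this thread, not code from the poster or from Cisco: it parses the access-list, access-group and static lines quoted above and replays the scenario. Assumptions: a two-interface box (outside security 0, inside security 100), outbound traffic PATed to the outside interface address, an inside host 192.168.1.10 behind the statics (constructed; the quoted static lines omit the local host address that the full command takes between the global port and the local port), and a constructed external address 198.51.100.7 for the outbound ping. Only 194.74.152.163 comes from the thread.

```python
from dataclasses import dataclass
from typing import Optional

SECURITY = {"outside": 0, "inside": 100}   # PIX security levels (assumed two-interface box)
PORTS = {"www": 80, "smtp": 25, "ssh": 22}  # subset of PIX service keywords


@dataclass
class Ace:
    proto: str
    dst: str                        # "any" or a host address (the source is ignored in this model)
    port: Optional[int] = None      # tcp/udp "eq" port
    icmp_type: Optional[str] = None


@dataclass
class Static:
    proto: Optional[str]            # None for a plain one-to-one static
    global_ip: str
    global_port: Optional[int]


def _port(tok):
    return PORTS.get(tok) or int(tok)


def _addr(t, i):
    """Consume one ACL address spec: any | host A.B.C.D | A.B.C.D MASK."""
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    return t[i], i + 2


class Pix:
    def __init__(self, if_addrs):
        self.if_addrs = if_addrs    # interface name -> interface address
        self.acls = {}              # ACL name -> [Ace]
        self.bound = {}             # interface -> ACL applied inbound (access-group ... in)
        self.statics = []           # permanent translations
        self.xlates = set()         # dynamic PAT entries: (proto, global_ip)

    def configure(self, config):
        for line in config.strip().splitlines():
            t = line.split()
            if t[0] == "access-list":     # access-list NAME permit PROTO SRC DST [eq PORT | ICMP-TYPE]
                proto = t[3]
                _, i = _addr(t, 4)
                dst, i = _addr(t, i)
                port = icmp_type = None
                if i < len(t) and t[i] == "eq":
                    port = _port(t[i + 1])
                elif i < len(t) and proto == "icmp":
                    icmp_type = t[i]
                self.acls.setdefault(t[1], []).append(Ace(proto, dst, port, icmp_type))
            elif t[0] == "access-group":  # access-group NAME in interface IFNAME
                self.bound[t[4]] = t[1]
            elif t[0] == "static":        # static (HIGH,LOW) [tcp|udp] GLOBAL [GPORT] LOCAL [LPORT] netmask ...
                low = t[1].strip("()").split(",")[1]
                if t[2] in ("tcp", "udp"):
                    gip = self.if_addrs[low] if t[3] == "interface" else t[3]
                    self.statics.append(Static(t[2], gip, _port(t[4])))
                else:
                    self.statics.append(Static(None, t[2], None))
            elif t[:2] == ["clear", "xlate"]:
                self.xlates.clear()       # drops dynamic translations only; statics stay

    def _acl_permits(self, acl, proto, dst, port, icmp_type):
        return any(a.proto in (proto, "ip") and a.dst in ("any", dst)
                   and a.port in (None, port) and a.icmp_type in (None, icmp_type) for a in acl)

    def _translated(self, proto, dst, port):
        return (proto, dst) in self.xlates or any(
            s.global_ip == dst and s.proto in (None, proto) and s.global_port in (None, port)
            for s in self.statics)

    def forward(self, ingress, proto, dst, port=None, icmp_type=None):
        """Would a packet arriving on `ingress` for dst[:port] be forwarded to the other interface?"""
        egress = "inside" if ingress == "outside" else "outside"
        acl = self.acls.get(self.bound.get(ingress))
        if acl is not None and not self._acl_permits(acl, proto, dst, port, icmp_type):
            return False                              # a bound ACL is checked in either direction
        if SECURITY[ingress] > SECURITY[egress]:      # high -> low: permitted by default
            self.xlates.add((proto, self.if_addrs[egress]))   # outbound flow is PATed to the outside address
            return True
        return acl is not None and self._translated(proto, dst, port)   # low -> high: ACL permit AND a translation


def demo():
    """Replay the thread's scenario; returns each decision so it can be checked."""
    pix = Pix({"outside": "194.74.152.163", "inside": "192.168.1.1"})   # inside address is constructed
    pix.configure("""
access-list outside_in permit tcp any host 194.74.152.163 eq smtp
access-list outside_in permit tcp any host 194.74.152.163 eq www
access-list outside_in permit icmp any any echo-reply
access-group outside_in in interface outside
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
""")
    out = {}
    out["inbound smtp"] = pix.forward("outside", "tcp", "194.74.152.163", 25)
    out["inbound www, no static"] = pix.forward("outside", "tcp", "194.74.152.163", 80)
    pix.configure("static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0")
    out["inbound www, with static"] = pix.forward("outside", "tcp", "194.74.152.163", 80)
    out["inbound ssh"] = pix.forward("outside", "tcp", "194.74.152.163", 22)
    out["echo-reply, nothing sent"] = pix.forward("outside", "icmp", "194.74.152.163", icmp_type="echo-reply")
    out["outbound echo"] = pix.forward("inside", "icmp", "198.51.100.7", icmp_type="echo")
    out["echo-reply, after echo"] = pix.forward("outside", "icmp", "194.74.152.163", icmp_type="echo-reply")
    pix.configure("clear xlate")
    out["echo-reply, after clear xlate"] = pix.forward("outside", "icmp", "194.74.152.163", icmp_type="echo-reply")
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:32} {'forwarded' if ok else 'dropped'}")
```

The model deliberately keys PAT entries only on protocol and global address (a real PIX also matches ports or ICMP IDs), which is enough to show why inbound www is dropped until its static exists even though the ACL already permits it, why the echo-reply line only helps once an inside host has actually pinged out, and why clear xlate after a config change makes in-flight translations disappear.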
