I was wondering if someone can lend a hand and look over this config for me.
The config below appears to work fine, inside network is able to get out to the internet, outside users are able to get to the website hosted in the dmz and internally.
The problem is that the servers with a static NAT translation are unable to get out to the internet(10.0.0.105, 192.168.0.106, 192.168.107). If I removed the static NAT translation than they can get internet access, but then outside can't access the websites.
PIX Version 7.2(2)
name 10.0.0.105 SYSLOG
name 70.x.x.97 INTERNET
ip address 70.x.x.98 255.255.255.240
ip address 10.0.0.1 255.255.252.0
ip address 192.168.0.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
access-list NONAT extended permit ip 10.0.0.0 255.255.252.0 10.1.0.0 255.255.252.0
access-list DMZ_NONAT extended permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.252.0
access-list SPLIT_TUNNEL_LIST standard permit 10.0.0.0 255.255.252.0
access-list SPLIT_TUNNEL_LIST standard permit 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit tcp any host 70.x.x.106 eq ftp
access-list outside_access_in extended permit tcp any host 70.x.x.105 eq www
access-list outside_access_in extended permit tcp any host 70.x.x.106 eq www
access-list outside_access_in extended permit tcp any host 70.x.x.107 eq www
Your configuration seems ok, but i would try to create an access-list for the traffic from the DMZ-network and attach this access-list to an access-group like you have done with the outside access-list.
Otherwise, please check the log. You should see the error quite clearly there.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...