I am able to get some websites to come up, but after a long time loading. Here is my config. What am I missing? I am able to RDP inside to the server named xxx-SQL01 and use ASDM and telnet to manage the firewall. The connection stays up fine, and I can ping anywhere from the outside interface of the PIX, but web traffic does not go outbound; if it does, it takes several minutes for google.com to pop up (this is outbound web traffic). Any help would be appreciated.
xxx-pix# sh run
PIX Version 7.2(1)
enable password xxxxxxxxxxxxxx encrypted
name 999.999.999.122 xxx-APP01-Ext description Outside
name 10.0.0.101 xxx-APP01-Int description Inside
name 999.999.999.123 xxx-SQL01-Ext description Outside
name 10.0.0.51 xxx-SQL01-Int description Inside
ip address 999.999.999.121 255.255.255.248
ip address 10.0.0.254 255.255.255.0
description Management and Backup
ip address 10.100.100.241 255.255.255.0
passwd xxxxxxxxxxxxxx encrypted
ftp mode passive
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list Outside_access_in extended permit tcp any host xxx-APP01-Ex 3389
access-list Outside_access_in extended permit tcp any host xxx-SQL01-Ex 3389
Sorry, let me expand on my question. Currently there are only the 2 hosts (internal) listed in the PIX config. Both of them have static NATs and a security policy that allows inbound RDP. I can RDP to these hosts fine, but I cannot surf the web from the hosts. I hope that clears it up. Thanks again for all your help in advance.
I would be inclined to look at the DNS for the hosts on the network. It could be that the DNS server they are resolving from has been retired, and they are waiting for timeouts before loading cached pages - Google, but not getting any new sites.
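One way to check the DNS suggestion in the reply above from one of the internal hosts, as an added example that is not part of the original thread: it sends a single A query straight to each resolver the host is configured with and reports whether that resolver answered or timed out. The function names, the 2-second timeout and the command-line usage are assumptions of this example.

```python
import secrets
import socket
import struct
import sys
import time

def build_query(name, qid):
    """Encode a minimal DNS query (type A, class IN, recursion desired)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def probe_resolver(server, name="google.com", port=53, timeout=2.0):
    """Query one resolver once over UDP; return (status, elapsed_seconds).

    status is 'answered', 'rcode-N' (resolver replied with an error),
    'timeout' (no reply, e.g. a retired server) or 'unreachable'.
    """
    qid = secrets.randbits(16)
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, port))
            while True:
                reply, _ = sock.recvfrom(512)
                # Ignore stray datagrams that do not echo our query ID.
                if len(reply) >= 12 and reply[:2] == qid.to_bytes(2, "big"):
                    break
        except socket.timeout:
            return "timeout", time.monotonic() - start
        except OSError:
            return "unreachable", time.monotonic() - start
    elapsed = time.monotonic() - start
    rcode = reply[3] & 0x0F  # low 4 bits of the second flags byte
    return ("answered" if rcode == 0 else f"rcode-{rcode}"), elapsed

if __name__ == "__main__":
    # Pass the resolver IPs configured on the host (see `ipconfig /all`).
    for server in sys.argv[1:]:
        status, elapsed = probe_resolver(server)
        print(f"{server:15}  {status:12}  {elapsed:.2f}s")
```

A resolver that reports `timeout` while a later one in the list answers quickly matches the slow-then-loads symptom; if every resolver times out, the delay is more likely in the path through the firewall than in the DNS settings.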