I have a PIX firewall between the ISP and our internal network. I am trying to access a web server internally. Now when my PIX's public interface is connected to the ISP, I can ping the internal web server from the Internet but I cannot access the web site. When I disconnect the Internet from the PIX and connect a laptop with a crossover cable, we can view the web page. The laptop has an IP address from the same segment that our Internet is. We talked to our ISP and they said that they don't have any filtering going. They are just performing IP forwarding. What could be the possible cause of this? Any help would be highly appreciated.
From the surface of what you are saying it sounds like you do not have the needed IP ports available to the outside. You might check to see if the needed ports are open and mapped properly. Most common are ports 80 and 8080.
Considering you are able to access the server from the external interface, I suppose you configured the static route, the access-list and the access-group for this server correctly. The possible cause may be:
a) The default route is possibly not configured. To test this, are you able to surf the Net from the internal? If not, it's probably the default route. You must configure it with a command like this:
route outside 0 0 220.127.116.11 1
where you have to replace the address 18.104.22.168 by the address of the first ISP router.
b) Or you have an access list too restrictive.
c) Your access-list is not assigned, or incorrectly assigned, to the outside interface with the access-group command.
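The three checks listed above (default route, ACL contents, access-group binding) can be run mechanically against a saved configuration. The script below is an added example, not part of either reply. It assumes PIX 6.x-style syntax, and the sample configuration, the ACL name acl_out and all addresses are constructed placeholders. The sample shows one configuration that gives the reported symptom: ICMP to the server is permitted, TCP port 80 is not.

```python
import re

# Constructed PIX 6.x-style sample; all names and addresses are placeholders
# (192.0.2.0/24 is a documentation range), not values from the thread.
SAMPLE = """\
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
access-list acl_out permit icmp any host 192.0.2.10
access-group acl_out in interface outside
route outside 0 0 192.0.2.1 1
"""

ZERO = r"(?:0|0\.0\.0\.0)"  # PIX accepts 0 as shorthand for 0.0.0.0


def audit_inbound_web(config, public_ip):
    """Return findings for answer items (a), (b), (c); empty list means none found."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # (a) default route pointing out of the outside interface
    if not any(re.match(rf"route outside {ZERO} {ZERO} \S+", ln) for ln in lines):
        findings.append("a: no default route on outside")

    # static translation that publishes the server on public_ip
    if not any(re.match(rf"static \(inside,outside\) {re.escape(public_ip)} ", ln)
               for ln in lines):
        findings.append("no static for " + public_ip)

    # (c) ACL applied inbound on the outside interface
    bound = [m.group(1) for ln in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", ln))]
    if not bound:
        return findings + ["c: no access-group bound to outside"]

    # (b) bound ACL must permit TCP/80 to the server. Simplification: only
    # "permit tcp|ip any host <ip>" entries are recognized; deny ordering is ignored.
    permit = re.compile(
        rf"access-list {re.escape(bound[0])} permit "
        rf"(?:ip any host {re.escape(public_ip)}$"
        rf"|tcp any host {re.escape(public_ip)}(?: eq (?:www|80))?$)")
    if not any(permit.match(ln) for ln in lines):
        findings.append("b: ACL %s does not permit tcp/www to %s" % (bound[0], public_ip))
    return findings


if __name__ == "__main__":
    print(audit_inbound_web(SAMPLE, "192.0.2.10"))
```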