Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Inbound Internet Problem

Here is my setup:

Internet -> Pix -> DMZ Interface

I have a nat of 10.10.1.10 that nats to 10.20.1.10 (address are just for example)

My fw outside interface has a ip of 10.10.1.1 and my dmz interface has a ip of 10.20.1.1.

From my workstation at work I can ping 10.10.1.1 and from the pix I can ping 10.20.1.10. I can ping my next hop out to the internet. Howerver when I turn on debug packet outside and issue a www request to 10.10.1.10 I do not see any packets. I am pretty sure it probably has to be my provider, but I am just wondering if there is anything else I can look at.

Thanks.

1 REPLY
Silver

Re: Inbound Internet Problem

You mentioned your work workstation, where is that in the topology. Are you connecting to the pix via the Internet over an IPSec/pptp vpn tunnel? Is there an inside or other interface missing from the diagram? Let me know because if you are not using the Internet interface from your work workstation, then the debug will not show anything on the outside/Internet interface.

Are there access-lists configured and applied to the outside interface via the access-group command? Even with a static, for traffic to cross a lower to higher interface, an access-list needs to be applied to the lower interface.

80
Views
0
Helpful
1
Replies