Internet access through PIX 515

raju
Level 1

Hello,

I'm sending part of my PIX configuration (ver 6.3(1)). Users inside the network (secure) are not able to access the Internet through the PIX, whereas if they are directly connected to the router, bypassing the PIX, they can. From the PIX, I am able to ping the router interface (212.100.211.29). We want users located in subnet 192.178.1.0 to be able to browse the Internet through the PIX.

ip address outside 212.100.211.30 255.255.255.252

ip address inside 192.178.1.201 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

route outside 0.0.0.0 0.0.0.0 212.100.211.29


anup_bekal
Level 1

Hi

Are these your real IP addresses? First of all, do not reveal your real IP addresses here. It could open your network to more threats.

Other than assigning IP addresses to the interfaces, you should have address translations (NAT, static, etc.) and proper access-lists configured on your PIX Firewall to make it work for you.

If you have already done so, could you post your configuration? (Of course, by faking your real IP addresses!)

Regards

Anoop K Narayanan

NICBM Kuwait

Thanks Anoop. It's a fake address only. Below are the access-lists (a.b.c.d is a real IP).

access-list inside permit tcp any host a.b.c.d eq http

access-list inside permit udp any host a.b.c.d eq http

static (o,i ) 192.178.1.0 a.b.c.d netmask 255.255.255.255

Why would you have to apply an ACL to the inside interface to allow outbound http traffic? Isn't all outbound traffic from a higher security interface allowed to a lower security interface?

Hi -

Can you please provide your full PIX config either here or offline to me directly at jmia@ohgroup.co.uk - Please remember to change passwords and real IPs etc.

Thanks - Jay.
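
As an added example (not posted by any participant in this thread), here is a minimal PIX 6.3 outbound translation for the inside subnet named in the question. It assumes that port address translation behind the outside interface address is acceptable and that NAT ID 1 is not already in use.

```text
: Added example for PIX 6.3, using the addresses from the original question.
: Assumption: PAT behind the outside interface address is acceptable.

: Translate every host in the inside subnet (NAT ID 1).
nat (inside) 1 192.178.1.0 255.255.255.0

: Map NAT ID 1 to the outside interface address (port address translation).
global (outside) 1 interface

: Default route toward the router, as already present in the posted config.
route outside 0.0.0.0 0.0.0.0 212.100.211.29

: Flush stale translation slots after changing nat/global/static.
clear xlate

: Verification from the PIX console:
show nat
show global
show xlate
```

With no access-group bound to the inside interface, the PIX permits traffic from the higher-security inside interface to the lower-security outside interface once a translation exists. If an access-list is bound to the inside interface, its implicit deny applies to everything it does not explicitly permit, including DNS lookups.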
