Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet access through PIX 515

Hello,

I'm sending part of my PIX configuration (ver 6.3(1)) .Users from Inside the Network (secure ) can't able to access the Internet through PIX where as if they are directly connected to Router byepassing PIX , they can . From PIX , I can able to ping the Router Interface (212.100.211.29 ).We want users located in subnet 192.178.1.0 to be able to browse the Internet through PIX .

ip address outside 212.100.211.30 255.255.255.252

ip address inside 192.178.1.201 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

route outside 0.0.0.0 0.0.0.0 212.100.211.29

4 REPLIES
New Member

Re: Internet access through PIX 515

Hi

Is this your real IP addresses? First of all, do not reveal your real IP addresses here. It could open your network to more threats.

Other than assigning IP addresses to the interfaces, you should have Address translations (NAT, Static etc) and proper access-lists configured on your PIX Firewall to make it work for you.

If you have already done so, could you post your configuration? (of course by faking your real IP addresses!)

Regards

Anoop K Narayanan

NICBM Kuwait

New Member

Re: Internet access through PIX 515

Thanks Anoop .It's a fake address only .Below are the access-list (a.b.c.d is a real IP ).

access-list inside permit tcp any host a.b.c.d eq http

access-list inside permit udp any host a.b.c.d eq http

static (o,i ) 192.178.1.0 a.b.c.d netmask 255.255.255.255

New Member

Re: Internet access through PIX 515

Why would you have to apply an ACL to the inside interface to allow outbound http traffic? Isn't all outbound traffic from a higher security interface allowed to a lower security interface?

Gold

Re: Internet access through PIX 515

Hi -

Can you pls provide your full pix config either here or ofline to me directly at jmia@ohgroup.co.uk - Pls remember to change passwords and real IPs etc.

Thanks - Jay.

116
Views
0
Helpful
4
Replies
CreatePlease login to create content