I've got a 501, with nat (inside) and global (outside). Something is preventing web browsing, FTP and ICMP traffic. With netstat I can see the connections established (telnet to port 80 of external web server, FTP) but never see banners or login prompts. I've tried some with access lists and get ICMP back and forth but nothing else. Even tried (http://220.127.116.11) in a browser with no luck. Anyone have ideas why?
This is my config:
nat (inside) 5 0 0
global (outside) 5 interface
- With no access-lists I get nothing in or out,
but with permit any tcp,udp,icmp,ip I get the symptoms above.
I've seen something in an article about needing to have a PTR record for the external int.
The global command actually works every time for me. We're only using 1 IP externally, so when you try to define the global with the IP address you get an error. The global (outside) interface works nicely. The PTRs have also proven to be a necessity with both cable and DSL. Without it we cannot get to the web (with 1 or 2 exceptions). The problem now is this:
- We're replacing a RED firewall with the delightful 501. PAT is being used, similar to the config shown above. The clients can all get out and surf perfectly after clearing the ARP cache on each. The Novell server cannot. It can ping the 501 internal interface but not the external. I've cleared the cache, checked the routes, etc. on the server but to no avail. Any ideas why?
BTW...Thanks for the input on the previous question.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...