1. If both net1 and net2 are off the inside interface of the PIX (let's say net1 is directly connected to the PIX and net2 is behind a router off the net1 subnet), then you can't set your default gateway to the PIX. The PIX won't route traffic back out the same interface it came in on, so if a packet destined for net2 comes in on the net1 interface, and needs to be routed back out the net1 interface, the PIX will drop the packet.
To get this to work, set the default gateway of all the net1 PCs to the router that connects to net2. On the router define a default gateway of the PIX interface. For packets from net1 destined to net2 these will be sent straight to the router and will work fine. For packets from net1 to the Internet they'll be routed to the router first, which will then forward them to the PIX. The router will also then issue an ICMP redirect to the PC telling it to send all Internet-based packets straight to the PIX from then on.
2. You have your source and destination ports around the wrong way. I'm surprised you can get any HTTP traffic out with that. Do the following:
access-list inside_access_in permit tcp any any eq www log
access-list inside_access_in permit tcp any any eq https log
access-list inside_access_in permit udp any any eq domain log
access-list inside_access_in permit tcp any any eq domain log
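An added example, not part of the thread and not Cisco code: a small Python model of how an extended ACL entry is read, with the port operator binding to whichever address it follows. The MISORDERED entry and the sample flows are constructed for illustration; the original PDM-generated configuration is not shown on the page.

```python
# Added example: a minimal model of PIX extended-ACL port matching (not Cisco code).
# Entry layout: access-list NAME ACTION PROTO SRC [eq PORT] DST [eq PORT] [log]
PORTS = {"www": 80, "https": 443, "domain": 53}

def parse_ace(line):
    """Parse one entry; only 'any' addresses and 'eq' port operators are modelled."""
    tok = [t for t in line.split() if t != "log"]
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    ace = {"action": tok[2], "proto": tok[3], "sport": None, "dport": None}
    i = 4
    for side in ("sport", "dport"):  # source address comes first, then destination
        if i >= len(tok) or tok[i] != "any":
            raise ValueError("only 'any' addresses are modelled: " + line)
        i += 1
        if i + 1 < len(tok) and tok[i] == "eq":
            name = tok[i + 1]
            ace[side] = PORTS[name] if name in PORTS else int(name)
            i += 2
    if i != len(tok):
        raise ValueError("trailing tokens: " + line)
    return ace

def evaluate(acl, proto, sport, dport):
    """First matching entry wins; the list ends with an implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if (ace["proto"] == proto and ace["sport"] in (None, sport)
                and ace["dport"] in (None, dport)):
            return ace["action"]
    return "deny"

# Constructed entry: the port keyword follows the SOURCE address.
MISORDERED = ["access-list inside_access_in permit tcp any eq www any log"]
# The four entries given in the answer: the port keyword follows the DESTINATION.
CORRECTED = [
    "access-list inside_access_in permit tcp any any eq www log",
    "access-list inside_access_in permit tcp any any eq https log",
    "access-list inside_access_in permit udp any any eq domain log",
    "access-list inside_access_in permit tcp any any eq domain log",
]

if __name__ == "__main__":
    # Constructed flow: inside browser (ephemeral source port) to a web server on 80.
    for label, acl in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(label, evaluate(acl, "tcp", 49152, 80))
```
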
First question: I did think putting the router as default gw is the right choice, but in my case this is not an option. I was expecting that I could create some kind of a virtual interface for this kind of LAN configurations.
Second question: this was the configuration created by the PDM! Why is this wrong?