I have a webserver setup behind my PIX firewall. It is also a mail server as well. My problem is that when I try to browse to a website I only get the first page and every subsequent page times out. I also can not receive mail. Below is my config. Can anyone point me in the right direction?
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
access-list inbound permit tcp any host 192.168.0.13 eq www
access-list inbound permit tcp any host 192.168.0.13 eq pop3
access-list inbound permit tcp any host 192.168.0.13 eq ftp
access-list inbound permit tcp any host 192.168.0.13 eq https
access-list inbound permit tcp any host 192.168.0.13 eq smtp
access-list inbound permit icmp any any echo-reply
access-list inbound permit icmp any any time-exceeded
access-list inbound permit icmp any any unreachable
pager lines 24
logging buffered debugging
logging trap debugging
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 192.168.0.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.100 255.255.255.255 inside
pdm location 18.104.22.168 255.255.255.255 inside
pdm location 192.168.1.13 255.255.255.255 inside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.0.13 192.168.1.13 dns netmask 255.255.255.255 0 0
Yes this seems to be the correct syntax for DNS resoltuion to the private address. However I dont think that the same translation will be used for the IP traffic. Try making a similar translation but without "dns".
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...