Cisco Support Community
New Member

PIX 515 Configuration Problem

Hi everybody

I'm trying to configure a 515E + failover unit and I've a little problem. Let's imagine the following scenario:

Inside network on interface "inside" ethernet1 security 100 100full

ISDN router on interface "outside" ethernet0 security 0 10full

WWW Server on interface "opti" ethernet3 security80 100full

LAN on interface "router" ethernet2 security60


The other two interfaces are unused. The basic configuration is intended to allow internet access and WWW Server access for users in "inside" and "router"

Internet and WWW access for "inside" and "router":

nat (inside) 1 0 0 -- open connections in lesser secure interfaces

nat (router) 1 0 0 -- open connections in lesser secure interfaces

global (outside) 1 netmask -- outbound PAT address for the Internet

global (opti) 1 netmask -- PAT for WWW Server

This should permit traffic from "router" to internet and from "inside" to internet and WWWServer, but access to WWWServer from "inside" doesn't work. As "router" is less secure than "opti" I have configured the following to allow access from "router" to "opti":

static(opti,router) netmask

access-list router_out permit tcp any any eq http

access-list router_out permit tcp any any eq domain

access-list router_out permit udp any any eq domain

access-group router_out in interface router

As you can see, it is quite simple... but I can't give access to WWWServer from "inside". Access from "router" works properly.

Can anybody tell me what's happening?

Thanks a lot in advance.
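A simplified model of the PIX 6.x security-level rules applied to the interfaces and commands in the question above, added here as an example and not part of the original post. It assumes the classic behaviour (nat/global for higher-to-lower traffic, static plus ACL for lower-to-higher) and ignores addresses and masks, which the post does not show; `evaluate` and `matrix` are hypothetical helper names.

```python
# Simplified model of PIX 6.x inter-interface rules (an assumption of this
# example, not output from a real device). Names and levels are from the post.
LEVELS = {"inside": 100, "opti": 80, "router": 60, "outside": 0}
NAT = {"inside": 1, "router": 1}        # nat (<if>) <id> 0 0
GLOBAL = {"outside": 1, "opti": 1}      # global (<if>) <id> ...
STATICS = {("opti", "router")}          # static (real_if, mapped_if)
# access-group router_out in interface router: permitted (protocol, dest port)
ACLS = {"router": {("tcp", 80), ("tcp", 53), ("udp", 53)}}


def evaluate(src, dst, proto="tcp", port=80):
    """Return (allowed, reason) for a new connection from src to dst."""
    if src == dst or LEVELS[src] == LEVELS[dst]:
        return False, "same interface or equal security level"
    acl = ACLS.get(src)
    # An ACL bound inbound on src filters everything entering that interface,
    # with an implicit deny at the end.
    if acl is not None and (proto, port) not in acl:
        return False, f"denied by ACL bound inbound on {src}"
    if LEVELS[src] > LEVELS[dst]:
        # Higher -> lower: nat on the source must pair with a global of the
        # same id on the destination interface (or a static must exist).
        nat_id = NAT.get(src)
        if nat_id is not None and GLOBAL.get(dst) == nat_id:
            return True, f"nat {nat_id} on {src} + global {nat_id} on {dst}"
        if (src, dst) in STATICS:
            return True, "static translation"
        return False, f"no global on {dst} matching nat on {src}"
    # Lower -> higher: nat/global does not apply; needs static + permitting ACL.
    if (dst, src) not in STATICS:
        return False, f"no static ({dst},{src})"
    if acl is None:
        return False, f"no ACL permitting traffic inbound on {src}"
    return True, f"static ({dst},{src}) + ACL on {src}"


def matrix(proto="tcp", port=80):
    """Evaluate every ordered interface pair for one protocol/port."""
    return {(s, d): evaluate(s, d, proto, port)
            for s in LEVELS for d in LEVELS if s != d}


if __name__ == "__main__":
    for (s, d), (ok, why) in matrix().items():
        print(f"{s:>7} -> {d:<7} {'PERMIT' if ok else 'DENY  '} {why}")
```

The model only checks rule structure: a pair it reports as permitted can still fail on a real unit because of the addresses and masks in the `global` and `static` commands.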

New Member

Re: PIX 515 Configuration Problem

Your static command is not correct, you have for router but the subnet on this interface is

Are you trying to access opti from inside using DNS names or IP addresses? If you use DNS names then you will need to add the alias command -
