Looked at this too many times, can't see what I'm missing... Incoming mail and web working fine, can't get anything out. Info logging shows lots of UDP DNS traffic. Do I need to open port 53 or something?...
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
access-list acl_in permit tcp any host X.X.X.171 eq www
access-list acl_in permit tcp any host X.X.X.171 eq smtp
Re: PIX 515 NAT Issue (or could be access list...)
Could you try pinging www.cisco.com? You will not receive any reply packet (PIX blocks), but you should check if 'www.cisco.com' is resolved to an IP address. If it is not resolved to an IP address, then there may be a problem with the configured DNS servers on the PCs and servers.
Instead of pinging, you could try nslookup (on a computer behind the PIX) to see if you can reach your DNS servers.
Your config, as it is right now, should allow all outbound traffic.