We need way more information than this. Where are the Unix servers, and where are the clients located (what PIX interface)? Do you see anything in the PIX syslog when the connection is denied to indicate the traffic is dropped? Can you forward the PIX config (remove any password lines and change IP addresses if you like) and then detail exactly what isn't working?
Is access-list 101 used for authentication, or for allowing access through the PIX?
The Unix server and clients are inside the firewall. The clients have host files but all of the IPs are internal. When I change this line I see the following in the syslog: "2002-07-16 00:54:16 UTC,Local0.Error,10.***.***.***,Jul 15 2002 18:49:40: %PIX-3-109013: User must authenticate before using this service."
As soon as I change this line: access-list 101 permit tcp any any eq www (which only asks for authentication through browsers)
to: access-list 101 permit ip any any (which will ask for authentication for anything passing through the PIX)
Yes, we have everyone authenticate before going out to the internet.