I have a PIX 515E setup with multiple interfaces. For right now, to make things simple, let's just look at the outside, inside, and DMZ.
On the inside interface I have a router connecting the inside network directly to another network. The DMZ interface has an ACL that is supposed to allow UDP traffic on specified ports from specified IPs into the inside interface.
access-list DMZ_in extended permit udp (ip) any (port)
So this is supposed to allow any traffic from that IP to any IP on the specified port. Problem is that it works fine except for traffic to at least one IP on the other side of the inside router.
I keep getting large numbers of log messages about traffic being blocked by that rule, but only to one IP on the remote inside network. I know there are two PCs on that network that could be getting this traffic, and am not certain if the other one is just passing through or not.
Would I need to make a specific rule allowing traffic to that network? From what I understand it shouldn't be necessary.
You also need to make sure your router behind the PIX has the routes correctly configured. In other words, make sure the DMZ hosts are able to reach the required subnets, and make sure those subnets know the way back to the DMZ hosts too. Because you have the router in the middle, you need to check the PIX and router's routing table.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: