PIX not allowing pass through from outside to inside
I am having an issue with a PIX 515 that I could use some advice with. I have an internal server which needs to be accessible to the internet via HTTP only. I have created an access-list on the outside interface allowing any host to access the external IP I will use. I then have a static from the external address to the internal address. The twist is that my internal network is 10.0.x.x, but the host on the inside that I need to get to from the internet is a 192.192.x.x. I can be on the pix and ping the 192 host, and it can ping the pix. I have added a route inside statemtent on the pix telling the 192.x.x.x network to use the internal router to route to the 192 host. We cannot ping or connect to the 192 host from outside. We have one other machine that is addressed as a 10.0.x.x, and on the inside that we are allowing to be hit from the internet through the pix, and we can hit it fine. My question is whether or not the pix is stopping us from reaching the 192 host because it is not the same as the inside interface, which is a 10.0.x.x? Also, our DMZ interface is 192.168x.x, so could it be possible that the pix is seeing this host as being on the dmz? I'm not sure if this would be a factor, since our subnet masks are correct. Would anyone have any ideas on this or come accross a similar situation? Thanks for your help.
Re: PIX not allowing pass through from outside to inside
What is the default gateway of the 192.192.x.x address.
If I am a user on the internet trying to access your web server, my source will be any routable ip address and the 192 should know that it has to send the packet back to the pix for me to get a response.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :