Is there anything wrong with this setup? I have two legal IP addresses: one for the router and one for the external int of the PIX. I need to have a nat 1 command for the entire internal network (this is not used yet but is set up). I need a static for the mail/www server, "static (inside,outside) interface 10.0.0.2" so to speak. I need to allow in www, 443 and 25 to this interface. I also need to allow Microsoft VPN and Cisco VPN. I have realised that I cannot create the above static as it stops the VPN from working, so I have created 3 "static (inside,outside) interface 25 10.0.0.2 25" commands and then bound the access-list to the external interface. It all works, but I am finding that internet on the desktops (that is, via the proxy server 10.0.0.2) seems to hang every now and again - you can browse into a web page to about 4 layers and then nothing happens. If you close and reopen IE it works fine again.
I'm pretty sure the clients are OK, as this setup was just a static for the 10.0.0.2 machine (no VPN, NAT and inbound ports) before and all worked fine.
Static forwarding should not stop the VPN from working. What precisely is the static command you are trying to use?
It sounds like the proxy server might have a problem, or perhaps your bandwidth utilization is high. PIXen really don't get involved in HTTP traffic unless you have Websense/N2H2 filtering enabled, or have Java/ActiveX blocking. Have you checked your connection counts on the PIX? What model do you have? How many users use the proxy server?
access-list 101 permit tcp any host 184.108.40.206 eq smtp
access-list 101 permit tcp any host 220.127.116.11 eq http
access-list 101 permit tcp any host 18.104.22.168 eq 443
access-group 101 in interface outside
Plus settings to allow PPTP and Cisco client to connect on 22.214.171.124.
It all works, including the VPN (apologies if I have written it down wrong, as it's from the top of my head, but you get the idea). I was just wondering whether there was something strange happening with the nat command maybe?
The problem is just www browsing appears to timeout or something?
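Added example, not part of the thread: a small Python check that cross-references PIX `static` port redirections against the `access-list` bound inbound on the outside interface, so a permit with no redirect behind it (or a redirect with no permit) stands out. The PIX 6.x line formats and the outside address 192.0.2.10 in the sample are assumptions; 10.0.0.2 is the server from the post.

```python
import re

# Service names the PIX CLI accepts in place of port numbers (subset used here).
PORTS = {"smtp": 25, "www": 80, "http": 80, "https": 443}

def port(tok):
    return PORTS.get(tok) or int(tok)

# Assumed PIX 6.x forms:
#   static (inside,outside) tcp interface smtp 10.0.0.2 smtp netmask ...
#   access-list 101 permit tcp any host <ip> eq smtp
#   access-group 101 in interface outside
STATIC = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config, outside_ip, iface="outside"):
    """Return (permits with no redirect behind them, redirects with no permit).

    Each item is (global address, protocol, port).
    """
    redirects, permits, bound = set(), set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            _, mapped_if, proto, gaddr, gport, _, _ = m.groups()
            if mapped_if == iface:
                # "interface" means the firewall's own outside address.
                addr = outside_ip if gaddr == "interface" else gaddr
                redirects.add((addr, proto, port(gport)))
        elif m := PERMIT.match(line):
            acl, proto, host, dport = m.groups()
            permits.add((acl, host, proto, port(dport)))
        elif m := GROUP.match(line):
            if m.group(2) == iface:
                bound.add(m.group(1))
    # Only ACLs actually applied to the interface open anything.
    opened = {(h, p, n) for acl, h, p, n in permits if acl in bound}
    return sorted(opened - redirects), sorted(redirects - opened)

# Constructed sample: the 443 permit has no static redirect behind it.
SAMPLE = """
static (inside,outside) tcp interface smtp 10.0.0.2 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 10.0.0.2 www netmask 255.255.255.255
access-list 101 permit tcp any host 192.0.2.10 eq smtp
access-list 101 permit tcp any host 192.0.2.10 eq http
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-group 101 in interface outside
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "192.0.2.10"))
```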