Cisco Support Community
New Member

PIX Unable to connect to outside local LAN!!!

Hi,

My PIX is able to connect to all resources in the outside except the local LAN (192.168.2.0/24) where the outside interface sits.

Even the corresponding access lists are not showing any hits!!!

Please find the relevant config attached.

Any ideas??

interface ethernet0 100full

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list in-out permit tcp 10.10.10.0 255.255.255.0 host 192.168.2.183 eq telnet <<not working>>

access-list in-out permit tcp 10.10.10.0 255.255.255.0 host 192.168.2.183 eq ftp <<not working>>

access-list in-out permit tcp 10.10.10.0 255.255.255.0 host 192.168.3.183 eq telnet <<working>>

access-list in-out permit tcp 10.10.10.0 255.255.255.0 host 192.168.3.183 eq ftp <<working>>

ip address outside 192.168.2.70 255.255.255.0

ip address inside 10.10.10.1 255.255.255.0

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

access-group in-out in interface inside

route outside 0.0.0.0 0.0.0.0 192.168.2.7 1

Vincent

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: PIX Unable to connect to outside local LAN!!!

access-list in-out permit tcp 10.10.10.0 255.255.255.0 host 192.168.2.183 eq telnet

access-list in-out permit tcp 10.10.10.0 255.255.255.0 host 192.168.2.183 eq ftp

Since the PIX inside interface has not been receiving any telnet/ftp requests, I suspect that the PC that was initiating the session has an inaccurate default gateway or the default gateway has no route to point to subnet 192.168.2.0/24.

In other words, it's pointing to another device as the default gateway (e.g. the internet router) and yet this device has no route pointing to the PIX for subnet 192.168.2.0/24.
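
Added example, not part of the original thread: a small hop-by-hop route simulation of the hypothesis in the answer above, showing how the in-out ACL can count hits for 192.168.3.183 but none for 192.168.2.183. The second gateway 10.10.10.254, its routing table, the "upstream" uplink and the table of 192.168.2.7 are assumptions; only the PIX addresses and its default route come from the posted config.

```python
import ipaddress

PIX_INSIDE = "10.10.10.1"      # inside interface address from the posted config
OTHER_GW = "10.10.10.254"      # hypothetical second gateway on the inside LAN

# Constructed routing tables: device -> list of (prefix, next hop).
# "direct" means the destination is on a connected network.
ROUTES = {
    PIX_INSIDE: [("192.168.2.0/24", "direct"),       # outside interface subnet
                 ("10.10.10.0/24", "direct"),
                 ("0.0.0.0/0", "192.168.2.7")],      # route outside 0.0.0.0 0.0.0.0 192.168.2.7
    OTHER_GW: [("10.10.10.0/24", "direct"),
               ("192.168.3.0/24", PIX_INSIDE),       # assumed: only .3.0 points at the PIX
               ("0.0.0.0/0", "upstream")],           # assumed uplink, not modelled further
    "192.168.2.7": [("192.168.2.0/24", "direct"),    # assumed router joining .2.0 and .3.0
                    ("192.168.3.0/24", "direct")],
}

def lookup(device, dst):
    """Longest-prefix match in one device's table; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in ROUTES.get(device, []):
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def trace(host_gateway, dst, max_hops=8):
    """Follow next hops from the host's default gateway; return (path, delivered)."""
    path, device = [], host_gateway
    for _ in range(max_hops):
        path.append(device)
        hop = lookup(device, dst)
        if hop == "direct":
            return path, True
        if hop is None or hop not in ROUTES:
            return path, False   # no route, or handed to a device that is not modelled
        device = hop
    return path, False

def hits_inside_acl(host_gateway, dst):
    """The in-out ACL only counts packets that arrive on the PIX inside interface."""
    return PIX_INSIDE in trace(host_gateway, dst)[0]
```

With the host pointed at the hypothetical gateway, traffic to 192.168.2.183 never crosses the PIX, so the ACL hit count stays at zero; pointing the host at 10.10.10.1 puts the PIX on the path.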

4 REPLIES
New Member

Re: PIX Unable to connect to outside local LAN!!!

Just to make clear: it's not the PIX but the inside hosts that are not able to connect to the PIX outside local LAN.

Vincent.

Gold

Re: PIX Unable to connect to outside local LAN!!!

10.10.10.0 <--> pix <--> 192.168.2.0 192.168.3.0

The issue may be related to the lack of a route on the router which connects net .2.0 and net .3.0. Verify in the routing table on the router whether net .3.0 knows how to get back to 10.10.10.0.

New Member

Re: PIX Unable to connect to outside local LAN!!!

Hi Jackko,

Thanks for your reply.

In fact it is the 192.168.2.0/24 subnet to which I am unable to connect.

192.168.3.0/24 subnet works just fine...

Vincent
