PIX 515
6.3.3
PDM 3.01
I can ping the server in the dmz from the inside.
Server in dmz cannot ping anyone.
Cannot get to the server in the dmz from outside.
Please help .. here is my config
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
names
name 10.1.1.1 int-ns1
name 10.1.1.8 int-ns2
name a.b.c.225 knet-gw
name a.b.c.227 ext-ns1
name a.b.c.228 ext-ns2
name a.b.c.229 ext-mail
name a.b.c.230 ext-rem
name a.b.c.231 ext-rtr
name 10.1.1.15 int-mail
name 10.1.1.254 int-rtr
name 10.1.1.230 int-rem
name a.b.c.232 ext-rem-2
name 10.1.1.189 int-rem-2
name a.b.c.233 ext-rem-3
name 10.1.1.125 int-rem-3
name 10.168.0.2 webserver
access-list outside permit icmp any any
access-list outside permit tcp any host ext-mail eq smtp
access-list outside permit tcp any host ext-mail eq pop3
access-list outside permit tcp any host ext-mail eq www
access-list outside permit tcp any host ext-ns1 eq domain
access-list outside permit udp any host ext-ns1 eq domain
access-list outside permit tcp any host ext-ns2 eq domain
access-list outside permit udp any host ext-ns2 eq domain
access-list outside permit tcp host knet-gw host ext-rtr eq telnet
access-list outside permit tcp any host ext-ns1 eq 3389
access-list outside permit udp any host ext-ns1 eq 3389
access-list outside permit tcp any host ext-rem eq 6000
access-list outside permit tcp any host ext-rem eq 6001
access-list outside permit tcp any host ext-rem eq pcanywhere-data
access-list outside permit tcp any host ext-rem eq 5362
access-list outside permit tcp any host ext-rem eq 5632
access-list outside permit tcp any host ext-rem-2 eq 6000
access-list outside permit tcp any host ext-rem-2 eq 6001
access-list outside permit tcp any host ext-rem-2 eq pcanywhere-data
access-list outside permit tcp any host ext-rem-2 eq 5362
access-list outside permit tcp any host ext-rem-2 eq 5632
access-list outside permit tcp any host ext-rem-3 eq 6000
access-list outside permit tcp any host ext-rem-3 eq 6001
access-list outside permit tcp any host a.b.c.234 eq www
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat permit ip any any
pager lines 24
logging on
logging timestamp
logging buffered debugging
logging trap debugging
logging history emergencies
logging facility 7
logging host inside 10.1.1.2
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside a.b.c.226 255.255.255.240
ip address inside 10.100.1.254 255.255.255.0
ip address dmz 10.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 10.1.2.1-10.1.2.254
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz
arp timeout 14400
global (outside) 1 a.b.c.236
global (outside) 1 a.b.c.237
global (outside) 1 a.b.c.238
global (dmz) 1 10.168.0.10-10.168.0.20
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 10.168.0.0 255.255.255.0 0 0
static (inside,outside) ext-mail int-mail netmask 255.255.255.255 0 0
static (inside,outside) ext-ns1 int-ns1 netmask 255.255.255.255 0 0
static (inside,outside) ext-ns2 int-ns2 netmask 255.255.255.255 0 0
static (inside,outside) ext-rtr int-rtr netmask 255.255.255.255 0 0
static (inside,outside) ext-rem int-rem netmask 255.255.255.255 0 0
static (inside,outside) ext-rem-2 int-rem-2 netmask 255.255.255.255 0 0
static (inside,outside) ext-rem-3 int-rem-3 netmask 255.255.255.255 0 0
static (dmz,outside) a.b.c.234 webserver netmask 255.255.255.255 0 0
access-group outside in interface outside
access-group outside in interface dmz
route outside 0.0.0.0 0.0.0.0 knet-gw 1
route inside 10.0.0.0 255.0.0.0 10.100.1.253 1
