11-18-2011 09:09 AM
I have a Pix 501 that allows certain IP addresses (3) access to our network. The address that allows access to our network (excepting OWA and separate machine). When I use Microsoft's Remote Desktop program to access the server it works great. I am supposed to be able to reach any machine on the network after connecting to the Pix, but cannot. Is there a reason for this?
11-19-2011 06:33 AM
Hi,
By default, traffic from a low security level to a high security level is not permitted unless you tie an ACL inbound on the low security level interface permitting this traffic, and you must also have a static NAT which NATs the inside IP (which generally is a private address, so not routable on the internet) to a public IP.
Can you post the output of the following:
- sh run static
- sh access-list
- sh run access-group
- sh route
Regards.
Alain
11-21-2011 08:11 AM
Can I e-mail the files to you?
11-22-2011 01:04 AM
Hi,
If you want to, you can, but why not send them here as an attached zip file?
Regards.
Alain
11-22-2011 07:56 AM
Is it secure? My IP addresses are out there for the world to see.
11-22-2011 10:53 AM
Hi,
Just change them or replace some octet values.
Regards.
Alain
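Alain's advice above about changing the addresses before posting, as an added example that is not part of the original thread: a small Python filter that swaps each public IPv4 address in a pasted configuration for a stable label and blanks password hashes. The sample configuration is constructed, the function names are hypothetical, and leaving RFC 1918 addresses and netmasks in place is an assumption made here because they are not routable from the internet.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SECRET = re.compile(r"^((?:enable )?passw(?:or)?d) \S+", re.M)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in PIX 6.x style; every address is from a documentation range.
SAMPLE = """\
enable password EXAMPLEHASH0000 encrypted
ip address outside 198.51.100.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) 198.51.100.3 192.168.1.10 netmask 255.255.255.255 0 0
access-list outside_in permit tcp host 192.0.2.44 host 198.51.100.3 eq 3389
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
"""

def is_netmask(addr):
    """True for contiguous masks such as 255.255.255.248, and for 0.0.0.0."""
    inverted = int(addr) ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def sanitize(config):
    """Return (sanitized_text, mapping of real address -> label)."""
    mapping = {}

    def swap(match):
        text = match.group(0)
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            return text  # dotted number that is not a valid address
        if is_netmask(addr) or any(addr in net for net in RFC1918):
            return text  # assumption: masks and private ranges are safe to show
        # Same address always gets the same label, so NAT and ACL lines still line up.
        return mapping.setdefault(text, "public-ip-%d" % (len(mapping) + 1))

    config = SECRET.sub(r"\1 <removed>", config)
    return IPV4.sub(swap, config), mapping

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Keep the returned mapping private; it is what lets you translate replies that refer to the labels back to the real addresses.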
11-22-2011 01:23 PM
11-23-2011 02:00 AM
Hi,
I don't see anything wrong in the config.
Could you explain exactly what is not working? Can you access the servers from outside?
Or are you accessing a server with RDP from outside, and then from your RDP session you try to RDP to other servers which are either on the same interface or on another interface?
If this is the case it won't work, as the Pix won't let traffic go out on the same interface it came in.
On the ASA this is possible with the same-security-traffic command, but on the Pix I think there is no workaround.
Regards.
Alain
11-23-2011 07:51 AM
Let me explain everything I know.
We access our network for 3 different functions:
SCAPCADC (internal server IP) that accesses the server and all other machines on the network.
SPOCOLL (internal eco IP) that is a secure connection from the state network.
OWA (OWA_ip) a connection to our Exchange server using Outlook Web Access.
We have been given 5 active IP addresses, 3 of which we use. They are:
Pix_eco_ip: which is the IP address ecology uses to get to their machine (spocoll)
OWA_Ip: which is the IP address used to get to Outlook Web Access
Pix_network_ip: which is the IP address used to get to the server and other network computers (scapcadc)
As far as I know, Pix_eco_ip is working, and so is OWA_ip, but until last week we were able to get into the server but not any other machine on the network (we were able to get into everything). Now we can't even see the server.
To get into the network (server and network computers) I open the VPN connection and it says that a network connection is open, but when I use Remote Desktop Connection it tells me it can't find the computer. I can't ping any of the machines on the network, either. If this isn't a Pix problem, can you recommend anything else?
Hope this and the attachments I sent you are helpful.
11-24-2011 12:04 PM
Hi,
So you can VPN into the network where the server and workstations are, but you can't RDP to any machine in this network from the internet? But before you could do it?
Can you sniff traffic on the server when doing this, and do you see traffic hitting the server?
Can you do a packet-tracer and/or capture traffic on both interfaces when trying to RDP and send the results?
Regards.
Alain