I have replaced an OpenBSD-based firewall with a PIX 501 and it seems very nearly perfect. However, there are a few PAT forwards that don't seem to be working from networks OUTSIDE our external netblock, and I cannot for the life of me figure out why.
There are several machines that are on the same external network as the firewall (188.8.131.52/26) which ARE able to access the forwarded ports that don't work from the outside. One of these is SSH forwarding 184.108.40.206 to 10.0.0.196. Machines on the 220.127.116.11/26 network can ssh to 18.104.22.168 (which is forwarded to 10.0.0.196). Machines on other external networks are unable to connect.
I will have to post my config (with substitutions for IPs and security info) in a subsequent post, as the question AND config exceed 4000 characters...
Could someone please take a look and tell me what I've done wrong?
I issued "clear xlate", and within moments everything was perfect.
I'm not sure WHY that was necessary, because I hadn't made any changes to the device since setting the rules, writing it to memory, and rebooting (just to be sure I had gotten it right.) But at any rate, it does seem to be working wonderfully.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...