By default all outbound traffic is allowed unless specifically denied. My
first post assumed that someone else may have configured the PIX and that it
might be denying traffic. To verify if that might be true I showed how it
could be done. If you are the only person configuring that PIX then you
don't need to worry about the point that I made.
Do you have any other PCs behind the PIX that are using static translations
and are working? Is there an internal router? Can internal users access your
server?
> -----Original Message-----
> From: Austin [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 09, 2000 3:57 PM
> To: [EMAIL PROTECTED]
> Subject: Re: PIX Help
>
>
> How do I make sure my host is allowed to reply?
> Is there a config that I need to put on the PIX?
> I do want all traffic from the inside going out.
> Thanks.
> "Daniel Cotts" <[EMAIL PROTECTED]> wrote in message
> 303479FA060CD211B8930000F805A88AA10C61@EXCHANGE1">news:303479FA060CD211B8930000F805A88AA10C61@EXCHANGE1...
> > Also check your "outbound" statements. The default is to
> allow all traffic
> > from inside. It can be configured to deny all traffic as follows:
> > outbound 1 deny 0.0.0.0 0.0.0.0 1-65535 udp
> > outbound 1 deny 0.0.0.0 0.0.0.0 1-65535 tcp
> > Then permit statements open up only the desired flows. If
> your config is
> > similar then make sure that your host is allowed to reply.
> >
> > > -----Original Message-----
> > > From: Austin [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, November 09, 2000 2:55 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: PIX Help
> > >
> > >
> > > Not working .. it is translated ...
> > >
> > > ""Plambeck, Todd"" <[EMAIL PROTECTED]> wrote in message
> > > 616662531243D411887000805F65999503C341@HTSCORPPDC">news:616662531243D411887000805F65999503C341@HTSCORPPDC...
> > > > Make sure the translation is in the xlate table ( sh xlate
> > > ). If not ping
> > > > out from the inside host then check it again.
> > > >
> > > > Todd
> > > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > Austin
> > > > Sent:
> > > Thursday, November 09, 2000 12:50 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: PIX Help
> > > >
> > > >
> > > > I am using a static mapping on the pix for an inside
> > > illegal address to an
> > > > outside legal address.
> > > > I want to allow the inside machine to be pinged from the
> > > outside as well
> > > as
> > > > allow http traffic to that machine.
> > > > Lets say the inside address is 10.1.1.5 and the internet
> > > legal address is
> > > > 45.33.20.5
> > > > This is what I did:
> > > >
> > > > static (inside, outside) 45.33.20.5 10.1.1.5
> > > > conduit permit icmp host 45.33.20.5 any
> > > > conduit permit tcp host 45.33.20.5 eq www any
> > > >
> > > > I cannot ping the inside machine from the internet with
> this config.
> > > > Please help.
> > > >
> > > > Thanks.
> > > >
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
> > > [EMAIL PROTECTED]
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
> > > [EMAIL PROTECTED]
> > > >
> > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct
> > > and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct
> and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
