Is your outside link up, and plugged into an enabled switch port that is on the correct vlan/segment and set to correct speed/duplex?
Can other devices on same switch communicate with anyone else? Thanks! TJ [EMAIL PROTECTED] -----Original Message----- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 14, 2003 3:43 PM To: [EMAIL PROTECTED] Subject: Re: PIX access-list problem [7:61043] This type of NAT is required for incoming connections. I can't get access going out so I haven't even looked at that yet. Even worse is from 83.23.44.60 (outside interface of PIX) I can't ping 83.23.44.50 which is outside of the PIX. If you look at my access-list , this should not be a problem. I am stumped on this. ""Waters, Kristina"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Sam, > > Do you have any sort of statement that's translating the addresses in your > DMZ? For example, > > static (DMZ,outside) 141.152.135.23 141.152.135.23 netmask 255.255.255.255 > > If you aren't nat'ing I believe you still have to translate the address. > > HTH, > Kris. > > -----Original Message----- > From: Sam Sneed [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 14, 2003 2:08 PM > To: [EMAIL PROTECTED] > Subject: PIX access-list problem [7:61043] > > > I cannot seem to get the following config to work and am clueless why. My > incoming access lists for DMZ and outside are wide open. The goal is not to > NAT DMZ ever since its public addressing. I can't even ping hosts on the > outside network from PIX. Why am I having these problems? > > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > nameif ethernet2 dmz security50 > > access-list internal permit ip 172.19.90.0 255.255.255.0 any > > access-list test permit ip any any > access-list test permit icmp any any > > access-list int-dmz permit ip 172.19.90.0 255.255.255.0 83.23.43.0 > 255.255.255.0 > > ip address outside 83.23.44.60 255.255.255.192 > ip address inside 172.19.90.1 255.255.255.0 > ip address dmz 83.23.43.250 255.255.255.0 > > global (outside) 1 83.23.44.58 > nat (inside) 0 access-list int-dmz > nat (inside) 1 172.19.90.0 255.255.255.0 0 0 > nat (dmz) 0 0.0.0.0 0.0.0.0 0 0 > access-group test in interface outside > access-group test in interface dmz > route outside 0.0.0.0 0.0.0.0 83.23.44.1 1 > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the sender by email, delete and destroy this message and its > attachments. > ********************************************************************** ****************************************************************************** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ****************************************************************************** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61065&t=61043 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
