Thanks to all the list members who jumped in with suggestions.  I am happy to
say I have a baseline configuration up and running.

I moved away from using a hub on the private side, and instead found a switch
with 2 or 3 terminals connected.  As soon as I plugged in a line from the
switch, the lights on the "inside" PIX card lit up!  At that time I was able
to ping terminals both on the inside and outside. (Maybe the hub was bad!)

But naturally, I have a few more questions<g>!

1. I mapped a single global address to an inside server target:

       static (inside,outside) 10.0.0.44 38.168.115.61 netmask 255.255.255.255 0 0

and then created 4 conduits so I could support port 80 and 443 transactions

       conduit permit tcp host 38.168.115.61 eq www any
       conduit permit tcp host 10.0.0.44 eq www any
       conduit permit tcp host 38.168.115.61 eq 443 any
       conduit permit tcp host 10.0.0.44 eq 443 any

a)  Do I need to create conduits to BOTH the inside and outside addresses?
IOW do I need 4 or 2 statements?
b)  Is there a conduit command which allows me to just specify the two
allowable addresses in one statement?


2.  When I was trying various configurations, I was getting inconsistent
results.  IOW, sometimes I would be denied from reaching the inside server,
other times I could get in after a PIX reboot.  I got the impression that it
is a good idea to have an inside terminal contact an outside resource (i.e.
load a Web page) right after PIX reboot and before testing access from the
outside.  I also was issuing the "clear xlate" command more frequently
toward the end (when things started stabilizing).  Is there any
configuration subtlety I'm missing here?

TIA

Harry
