Hello all,

I am trying to configure a PIX515, which has 2 interfaces. My problem is that I cannot start any communication from the outside through the firewall. Outbound connections are no problem. These are some of the syslog messages:

%PIX-6-305002: Translation built for gaddr 192.168.0.253 to laddr 192.168.1.1
%PIX-3-106010: Deny inbound udp src outside:192.168.0.3/1086 dst inside:192.168.1.1/53
%PIX-3-106010: Deny inbound udp src outside:192.168.0.2/1024 dst inside:192.168.1.1/69

So I tried it with DNS and TFTP, but also with some TCP ports. Besides, when I check the meaning of the system log messages on the internet (cisco.com), it tells me that 106010 is a 'deny inbound icmp' message. Here is a sample of my config:

PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 192.168.1.10 INTRANET
name 192.168.0.10 DMZ
access-list 110 permit icmp 192.168.1.0 255.255.255.0 any echo
access-list 110 permit ip any any
access-list 120 permit icmp any 192.168.0.0 255.255.255.0 echo-reply
access-list 120 permit ip any any
interface ethernet0 auto
interface ethernet1 auto
ip address outside DMZ 255.255.255.0
ip address inside INTRANET 255.255.255.0
global (outside) 1 192.168.0.200-192.168.0.252
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.0.253 192.168.1.1 netmask 255.255.255.255 0 0
access-group 120 in interface outside
access-group 110 in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1

The ACLs used to be more detailed, but as you can see, after a while of testing I decided to permit all IP traffic. The access-lists seem to work, because without the permit icmp I cannot ping out. So the connection between the interface and the ACL must be there.
Another question I have is that I want to build an explicit trust relationship between two Active Directory domains through the firewall. Does anybody have a hint how that works?

Thanks in advance for all help,
Sven Jansen

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
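The denied-inbound messages and the access-list quoted in the post above lend themselves to a small triage script. What follows is an added example, not code from the original post or from Cisco: it parses constructed copies of the %PIX-6-305002 and %PIX-3-106010 lines, maps the inside address of each denied flow back to the global address of its static translation (an ACL applied `in` on the outside interface of PIX 6.x is matched against the global address, not the inside one), and evaluates the flow against a simplified first-match model of the quoted `access-list` syntax. Port operators and object groups are not modelled, and the sample lines, the `Flow` type and the function names are assumptions of this example.

```python
"""Triage helper for PIX 6.x 'Deny inbound' syslog lines against the
access-list applied on the outside interface (added example; not part of
the original post and not a Cisco tool).

Modelled ACL syntax (assumption: the subset used in the quoted config):
  access-list <id> permit|deny <proto> <src> <dst> [icmp-type]
where an address is 'any', 'host A.B.C.D' or 'A.B.C.D MASK'.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input, shaped like the lines quoted in the post.
SYSLOG = """\
%PIX-6-305002: Translation built for gaddr 192.168.0.253 to laddr 192.168.1.1
%PIX-3-106010: Deny inbound udp src outside:192.168.0.3/1086 dst inside:192.168.1.1/53
%PIX-3-106010: Deny inbound udp src outside:192.168.0.2/1024 dst inside:192.168.1.1/69
"""

ACL_CONFIG = """\
access-list 110 permit icmp 192.168.1.0 255.255.255.0 any echo
access-list 110 permit ip any any
access-list 120 permit icmp any 192.168.0.0 255.255.255.0 echo-reply
access-list 120 permit ip any any
"""

XLATE_RE = re.compile(r"%PIX-6-305002: Translation built for gaddr (\S+) to laddr (\S+)")
DENY_RE = re.compile(
    r"%PIX-3-106010: Deny inbound (\w+) src (\w+):([\d.]+)/(\d+) dst (\w+):([\d.]+)/(\d+)")


@dataclass
class Flow:
    proto: str
    src_if: str
    src: str
    sport: int
    dst_if: str
    dst: str
    dport: int


def parse_syslog(text):
    """Return ({laddr: gaddr} from 305002 lines, [Flow] from 106010 lines)."""
    xlates, denies = {}, []
    for line in text.splitlines():
        m = XLATE_RE.match(line)
        if m:
            gaddr, laddr = m.groups()
            xlates[laddr] = gaddr
            continue
        m = DENY_RE.match(line)
        if m:
            p, sif, s, sp, dif, d, dp = m.groups()
            denies.append(Flow(p, sif, s, int(sp), dif, d, int(dp)))
    return xlates, denies


def _parse_addr(tokens):
    """Consume one PIX address spec from the token list; return an ip_network."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)  # dotted netmask, e.g. 255.255.255.0
    return ipaddress.ip_network(f"{t}/{mask}", strict=False)


def parse_acl(text):
    """Return {acl_id: [(action, proto, src_net, dst_net, icmp_type_or_None)]}."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        acl_id, action, proto, rest = tokens[1], tokens[2], tokens[3], tokens[4:]
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        icmp_type = rest[0] if proto == "icmp" and rest else None
        acls.setdefault(acl_id, []).append((action, proto, src, dst, icmp_type))
    return acls


def evaluate(acl, flow, icmp_type=None):
    """First-match evaluation: (action, entry index), or ('deny', None) for
    the implicit deny at the end of every PIX access-list."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for i, (action, proto, snet, dnet, itype) in enumerate(acl):
        if proto not in ("ip", flow.proto):
            continue
        if src not in snet or dst not in dnet:
            continue
        if proto == "icmp" and itype is not None and itype != icmp_type:
            continue
        return action, i
    return "deny", None


def triage(syslog_text, acl_text, acl_id):
    """For each denied inbound flow, report what the named ACL would say about
    it once the logged inside address is replaced by its global address.
    A 'permit' verdict means the ACL itself is not what dropped the packet."""
    xlates, denies = parse_syslog(syslog_text)
    acl = parse_acl(acl_text)[acl_id]
    results = []
    for f in denies:
        global_dst = xlates.get(f.dst, f.dst)
        g = Flow(f.proto, f.src_if, f.src, f.sport, f.dst_if, global_dst, f.dport)
        action, idx = evaluate(acl, g)
        desc = f"{f.proto} {f.src}:{f.sport} -> {global_dst} ({f.dst}):{f.dport}"
        results.append((desc, action, idx))
    return results


if __name__ == "__main__":
    for desc, action, idx in triage(SYSLOG, ACL_CONFIG, "120"):
        rule = f"entry {idx}" if idx is not None else "implicit deny"
        print(f"{desc}: ACL 120 says {action} ({rule})")
```

On the sample lines every denied flow is matched by the trailing `permit ip any any` of ACL 120, so the output tells you to look past the interface ACL (the static, the security levels, or the version's own behaviour) rather than at the ACL entries; trimming the ACL to its first entry alone makes the same script return the implicit deny instead.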
