RE: PIX Question [7:53832]
Tom, Sweet. Let me know if that does not Solve your issue. You peaked my curiosity on this one. Thank You, Leslie McIntosh Sr. Network Engineer Deloitte & Touche Outsourcing -Original Message- From: Tom Nielsen [mailto:[EMAIL PROTECTED]] Sent: Sun 9/22/2002 8:52 PM To: [EMAIL PROTECTED] Cc: Subject: RE: PIX Question [7:53832] Well... Close. I was using conduit statements more so than access lists. After seeing what you had put down, I think my error was in the global statement. I had... global (outside) 1 interface Tom &i=53875&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53893&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:53832]
Well... Close. I was using conduit statements more so than access lists. After seeing what you had put down, I think my error was in the global statement. I had... global (outside) 1 interface Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53875&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:53832]
Tom, I am seeing the following: configure terminal access-list 101 permit tcp any host x.x.17.34 eq ftp access-list 101 permit tcp any host x.x.17.34 eq www access-list 101 permit tcp any host x.x.17.34 eq smtp !PAT for extenal web access global (outside) 1 x.x.17.34 nat (inside) 1 192.168.0.0 255.255.0.0 0 0 !Port redirection for email, ftp, web server static (inside,outside) tcp x.x.17.34 ftp 192.168.x.x ftp netmask 255.255.255.255 0 0 static (inside,outside) tcp x.x.17.34 www 192.168.x.x www netmask 255.255.255.255 0 0 static (inside,outside) tcp x.x.17.34 smtp 192.168.x.x smtp netmask 255.255.255.255 0 0 !allow external access to email, ftp, web server access-group 101 in interface outside exit Is this similar to what you have? Are you seeing anything in the Xlate table indicating that the internal users are at least getting a xlate on the PIX? I am more familiar with conduit statements, but the ACL's are the same. I think I would take this back to PAT if there are still issues. Prove PAT then add statements to see what is killing the connections. Les -Original Message- From: Tom Nielsen [mailto:[EMAIL PROTECTED]] Sent: Sun 9/22/2002 12:11 AM To: [EMAIL PROTECTED] Cc: Subject: RE: PIX Question [7:53832] I saw that in my search for the answer. When I try to implement it, the only device that is able to get on the internet is the device hosting the website/email. All other workstation could resolve the internet websites but could not browse. Tom &i=53841&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53843&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:53832]
I saw that in my search for the answer. When I try to implement it, the only device that is able to get on the internet is the device hosting the website/email. All other workstation could resolve the internet websites but could not browse. Tom Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53841&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question [7:53832]
Tom, Having just passed my CSPFA and MCNS exams in the last month, I thought I was pretty on top or the PIX thing Then you ask about Port Redirection, so my curiosity is peaked and I had to do some Cisco.com surfing. I found a Link that deals specifically with NAT and port redirection: http://www.cisco.com/warp/public/707/28.html I do not think I covered a single chapter/question about port Redirection on my exams/study guide (Cisco Press). Check out the link, it looks pretty cool! Now I am going to have to get a 501 and try that at the house! Thank You, Leslie McIntosh Sr. Network Engineer Deloitte & Touche Outsourcing CCNA, CNE5, Network+, A+ - Working on CSS1 (3 of 4) -Original Message- From: Tom Nielsen [mailto:[EMAIL PROTECTED]] Sent: Sat 9/21/2002 8:01 PM To: [EMAIL PROTECTED] Cc: Subject: PIX Question [7:53832] Basic configuration issue. I have a very simple configuration. I have a PIX Firewall with 2 Interfaces (Inside,outside). I have an internal network, 192.168.0.0/16. The outside interface is x.x.17.35 - I have one additional IP Address x.x.17.34 that everyone has to nat out. The address (.34) also will handle all incoming mail, web and FTP requests and redirect it to a server in the 192.168.0.0/16 network. I am confused on the the Static, global and NAT commands for this configuration... any help would be appreciated. tom &i=53832&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53837&t=53832 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]