pix problem [7:33184]

2002-01-25 Thread cage
The following is my configure of pix 525, now the nodes in the dmz can not connect to the outside, why? and do i have to use the NAT command to the traffic from the dmz to the outside. It seem that the pix cant route the dmz traffic to the outside. help me! please! sh conf : Saved : PIX Version 6

Re: pix problem [7:33184]

2002-01-25 Thread John Kaberna
1. How do your inside users get out? There is no global command for inside. You should test that first before you work on the DMZ stuff. It's a little easier to get working and it verifies that you know how to configure NAT/PAT. 2. I don't think this is a problem, but I would match your nat

Re: pix problem [7:33184]

2002-01-25 Thread Carroll Kong
A few quick thoughts that might be messing this up. You have no default route for your DMZ. If you planned on having the DMZ map back to the outside properly, your global does not indicate so. Also, you do not seem to have any globals which match the nat ids for the dmz. At 09:35 AM

Re: pix problem [7:33184]

2002-01-25 Thread Gaz
Can't see anything wrong. Have you done a 'clear xlate', and if necessary a reboot? Otherwise can't see anything, as long as IP config is OK on devices on DMZ. Gaz ""cage"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The following is my configure of pix 525, now the nodes in

Re: pix problem [7:33184]

2002-01-25 Thread Berry Mobley
Your access list for the dmz interface (ping_acl) only allows icmp traffic. The implicit 'deny any any' at the end is stopping your traffic. As a side note - it's a bad idea to post configs with passwords - encrypted or not - to any public forum. Which this is. Good luck... Berry At 09:35

Re: pix problem [7:33184]

2002-01-25 Thread Gaz
Does your outside router have a route to DMZ network: IP route 202.99.33.0 255.255.255.0 210.82.34.29 Gaz ""cage"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The following is my configure of pix 525, now the nodes in the dmz can not > connect to the outside, why? > and d

Re: pix problem [7:33184]

2002-01-26 Thread Paul Borghese
You guys may want to ask this on the CCIE Security list as well :-) http://www.groupstudy.com/list/security.html Paul ""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Can't see anything wrong. Have you done a 'clear xlate', and if necessary a > reboot? > Otherwise can't

RE: pix problem [7:33184]

2002-01-29 Thread Keyur Shah
cage [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 6:36 AM To: [EMAIL PROTECTED] Subject: pix problem [7:33184] The following is my configure of pix 525, now the nodes in the dmz can not connect to the outside, why? and do i have to use the NAT command to the traffic from the dmz to the o