I found that I had a similar problem with our network when I used the static ip
command. When I used the static command and specified which ports I was dealing with,
I didn't have any further issues. Hope that this helps.
Wyatt
-----Original Message-----
From: Glenn English [mailto:[EMAIL PROTECTED]
Sent: Tue 7/22/2003 5:50 PM
To: 'Security-Basics'
Cc:
Subject: Some Cisco PIX newbie questions
I got a 506E (first experience with Cisco) last Friday, and I'm learning
how to use it with the 172.16.0.146/28 (a LAN around the building) as
the Internet and 192.168.82.40/29 (my workstation) as the protected LAN.
(And an old Mac SE/30 as the terminal.)
Configuring from the terminal works, telnet works, https works, tftp
works, the Java PDM pretty much works, and connecting from inside to
outside works.
But I can't figure out how to get through the firewall in the other
direction. There's a static map from an "Internet" IP to my workstation,
and the PIX' log shows a connection attempt. But what I specifically
permit is being denied. Is the anti-spoofing blocking it? If so, why is
it not blocking packets returning to the PAT address?
--
Glenn English
[EMAIL PROTECTED]