General Help Related Topics - Need help with PIX 515
Hi,
I have a PIX 515. I have it doing almost what I need to be doing, but somewhere in my code something isn't right. It's actually pretty basic, but I guess I'm just getting myopic after staring at it so long.

I can connect to one of the servers (in the remote data center where all this stuff is). I can remote the PIX from the main (PDC) server. However, I cannot communicate with the BDC or the Backup server (as in the code below).

What am I doing wrong? The ones not communicating are IPs 200.200.200.1 and 200.200.200.2 (200.200.200.3 works OK).

THANK YOU for ANY help!

Jim

```
PIX Version 6.3(5)
interface ethernet0 10full
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.0.0.244 InsideIPAddress
name 10.0.0.240 Server-PDC
name 10.0.0.241 Server-BDC
name 10.0.0.242 Server-BackUP
access-list acl-in deny icmp any any mask-request
access-list acl-in permit icmp any any
access-list acl-in permit tcp any host 200.200.200.3 eq www
access-list acl-in permit tcp any host 200.200.200.3 eq https
access-list acl-in permit tcp any host 200.200.200.1 eq smtp
access-list acl-in permit tcp any host 200.200.200.1 eq pop3
access-list acl-in permit tcp any host 200.200.200.1 eq www
access-list acl-in permit tcp any host 200.200.200.1 eq https
access-list acl-in permit tcp any host 200.200.200.2 eq www
access-list acl-in permit tcp any host 200.200.200.2 eq https
access-list acl-in permit tcp any host 200.200.200.2 eq 2003
access-list acl-in permit tcp any host 200.200.200.2 eq 308
access-list acl-in deny ip any any log
access-list in permit tcp any host 200.200.200.2
pager lines 200
mtu outside 1500
mtu inside 1500
ip address outside 200.200.200.200 255.255.255.240
ip address inside InsideIPAddress 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm location 10.0.0.0 255.0.0.0 inside
pdm location Server-BDC 255.255.255.255 inside
pdm location Server-BackUP 255.255.255.255 inside
pdm location InsideIPAddress 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
static (inside,outside) 200.200.200.1 Server-BDC netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.2 Server-BackUP netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.3 Server-PDC netmask 255.255.255.255 0 0
access-group acl-in in interface outside
route outside 0.0.0.0 0.0.0.0 200.200.200.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community nytemon
no snmp-server enable traps
floodguard enable
telnet Server-PDC 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
: end
```

solutionsplus
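
An added example, not part of the original post: a small Python cross-check over an excerpt of the posted configuration. It reports access lists that no `access-group` applies, the services the outside-bound ACL permits to each static's mapped address, and the outside-facing addresses that fall outside the outside interface's subnet. It assumes plain one-to-one `static` lines as in the post; `audit` and `SAMPLE` are hypothetical names.

```python
import ipaddress

# Excerpt of the configuration posted above (only the lines these checks read).
SAMPLE = """\
access-list acl-in permit tcp any host 200.200.200.3 eq www
access-list acl-in permit tcp any host 200.200.200.3 eq https
access-list acl-in permit tcp any host 200.200.200.1 eq smtp
access-list acl-in permit tcp any host 200.200.200.1 eq www
access-list acl-in permit tcp any host 200.200.200.2 eq www
access-list acl-in permit tcp any host 200.200.200.2 eq 2003
access-list acl-in deny ip any any log
access-list in permit tcp any host 200.200.200.2
ip address outside 200.200.200.200 255.255.255.240
static (inside,outside) 200.200.200.1 Server-BDC netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.2 Server-BackUP netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.3 Server-PDC netmask 255.255.255.255 0 0
access-group acl-in in interface outside
route outside 0.0.0.0 0.0.0.0 200.200.200.17 1
"""

def audit(config):
    """Cross-check statics, ACL bindings and outside addressing in a PIX 6.x config."""
    acls, bound, exposed = {}, {}, {}
    outside_net = gateway = None
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3:
            continue
        if t[0] == "access-list":        # access-list <name> <action> <proto> <src> <dst> ...
            acls.setdefault(t[1], []).append(t[2:])
        elif t[0] == "access-group":     # access-group <name> in interface <if>
            bound[t[1]] = t[-1]
        elif t[:3] == ["ip", "address", "outside"]:
            outside_net = ipaddress.ip_interface(f"{t[3]}/{t[4]}").network
        elif t[0] == "static":           # static (real_if,mapped_if) <mapped> <real> ...
            exposed[t[2]] = []
        elif t[:2] == ["route", "outside"]:
            gateway = t[4]
    # Only ACLs applied to the outside interface decide what reaches a mapped address.
    for acl in (a for a, iface in bound.items() if iface == "outside"):
        for e in acls.get(acl, []):
            if e[0] == "permit" and e[3:4] == ["host"] and e[4:5] and e[4] in exposed:
                exposed[e[4]].append(e[6] if e[5:6] == ["eq"] and e[6:7] else "any")
    off_net = [ip for ip in [gateway, *exposed] if ip and outside_net
               and ipaddress.ip_address(ip) not in outside_net]
    return {"unbound_acls": sorted(set(acls) - set(bound)),
            "exposed": exposed, "off_outside_subnet": off_net}

if __name__ == "__main__":
    print(audit(SAMPLE))
```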