#1
Hi,
I have a VPN and the following PIX configuration. Outside users can get in but users cannot get out from inside. Outbound traffic is not working at all. Not sure if I have to apply the access list to the outside interface. Can someone please help?

```
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password yEejltES02QYOkGq encrypted
passwd SkGAlm91goMQFQlP encrypted
hostname CUL-FW1
domain-name cul.org
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.240
access-list outside_access_in permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 124.132.244.35 255.255.255.240
ip address inside 192.168.0.3 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool CULVPN 192.168.10.1-192.168.10.15
pdm location 192.168.0.0 255.255.255.0 inside
pdm logging emergencies 100
pdm history enable
arp timeout 14400
global (outside) 1 124.132.244.36-124.132.244.45
global (outside) 1 124.132.244.46
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group outside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 124.132.244.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpn3000-all idle-time 1800
vpngroup CUlgroup address-pool CULVPN
vpngroup CUlgroup dns-server 192.168.0.5
vpngroup CUlgroup wins-server 192.168.0.5
vpngroup CUlgroup idle-time 1800
vpngroup CUlgroup password ********
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:c1be5832b851a0ae7a4178e24ea7f999
: end
CUL-FW1#
```

```
CUL-FW1# sh int
interface ethernet0 "outside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 001d.a286.7ee7
  IP address 124.132.244.35, subnet mask 255.255.255.240
  MTU 1500 bytes, BW 100000 Kbit full duplex
  141411 packets input, 14301433 bytes, 0 no buffer
  Received 5560 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  6844 packets output, 425853 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  input queue (curr/max blocks): hardware (128/12 software (0/2)
  output queue (curr/max blocks): hardware (0/1) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 001d.a286.7ee8
  IP address 192.168.0.3, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
  24912018 packets input, 2155822238 bytes, 0 no buffer
  Received 16418328 broadcasts, 0 runts, 0 giants
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  7261021 packets output, 450417946 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 babbles, 0 late collisions, 0 deferred
  0 lost carrier, 0 no carrier
  input queue (curr/max blocks): hardware (128/12 software (0/120)
  output queue (curr/max blocks): hardware (0/120) software (0/1)
CUL-FW1#
```

Thanks,
K

khurri
#2
Junior Member
Join Date: Jun 2009
Posts: 2

```
global (outside) 1 124.132.244.36-124.132.244.45
global (outside) 1 124.132.244.46
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
```

try with

```
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
```

means NAT all IPs from the inside interface on the outside interface

lokojones
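
An added example, not part of either post: a small Python check over the ACL, NAT and access-group lines of the configuration in post #1. It reports any ACL bound to a higher-security interface that does not permit TCP/UDP (everything else hits the implicit deny) and any `nat` id without a matching `global`; the function names and the finding format are assumptions made for this example.

```python
# Added example: audit the outbound path of a PIX 6.3 config (names are illustrative).
# SAMPLE is constructed from the ACL, NAT and access-group lines quoted in post #1.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.240
access-list outside_access_in permit icmp any any
global (outside) 1 124.132.244.36-124.132.244.45
global (outside) 1 124.132.244.46
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group outside_access_in in interface inside
"""

def parse(cfg):
    """Collect security levels, ACL entries, ACL bindings and nat/global ids."""
    st = {"level": {}, "acl": {}, "bound": {}, "nat": {}, "global": {}}
    for t in (line.split() for line in cfg.splitlines()):
        if len(t) == 4 and t[0] == "nameif":
            st["level"][t[2]] = int(t[3].replace("security", ""))
        elif len(t) >= 4 and t[0] == "access-list" and t[2] in ("permit", "deny"):
            st["acl"].setdefault(t[1], []).append((t[2], t[3]))  # (action, protocol)
        elif len(t) == 5 and t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            st["bound"][t[4]] = t[1]  # interface -> ACL name
        elif len(t) >= 3 and t[0] in ("nat", "global"):
            st[t[0]].setdefault(t[2], set()).add(t[1].strip("()"))  # id -> interfaces
    return st

def outbound_findings(cfg):
    """Return (kind, interface, detail) tuples for settings that stop outbound flows."""
    st, out = parse(cfg), []
    lowest = min(st["level"].values(), default=0)
    for ifc, acl in sorted(st["bound"].items()):
        if st["level"].get(ifc, lowest) == lowest:
            continue  # traffic entering the lowest-security interface is not outbound
        permits = sorted({p for action, p in st["acl"].get(acl, []) if action == "permit"})
        # Once an ACL is bound, anything it does not permit hits the implicit deny.
        if "ip" not in permits and not {"tcp", "udp"} <= set(permits):
            out.append(("acl-implicit-deny", ifc, f"{acl} permits only {permits}"))
    for nat_id, ifcs in sorted(st["nat"].items()):
        if nat_id == "0":
            continue  # nat 0 means "do not translate", so no global is needed
        for ifc in sorted(ifcs):
            if not st["global"].get(nat_id, set()) - {ifc}:
                out.append(("nat-without-global", ifc, f"nat id {nat_id} has no global"))
    return out

if __name__ == "__main__":
    for finding in outbound_findings(SAMPLE):
        print(finding)
```

On the sample lines the only finding is `outside_access_in` bound to the `inside` interface, where it permits ICMP only; the `nat` 1 and `global` 1 pair is consistent.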