Need help with PIX 515

Discussion in 'General Computer Support' started by solutionsplus, Feb 5, 2008.

  1. solutionsplus

    Hi,

    I have a PIX 515. I have it doing almost what I need it to be doing, but somewhere in my code something isn't right. It's actually pretty basic, but I guess I'm just getting myopic after staring at it so long.

    I can connect to one of the servers (in the remote data center where all this stuff is). I can remote the PIX from the main (PDC) server. However, I cannot communicate with the BDC or the Backup server (as in the code below). What am I doing wrong? The ones not communicating are IPs 200.200.200.1 and 200.200.200.2 (200.200.200.3 works OK).

    THANK YOU for ANY help!

    Jim

    PIX Version 6.3(5)
    interface ethernet0 10full
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.0.0.244 InsideIPAddress
    name 10.0.0.240 Server-PDC
    name 10.0.0.241 Server-BDC
    name 10.0.0.242 Server-BackUP
    access-list acl-in deny icmp any any mask-request
    access-list acl-in permit icmp any any
    access-list acl-in permit tcp any host 200.200.200.3 eq www
    access-list acl-in permit tcp any host 200.200.200.3 eq https
    access-list acl-in permit tcp any host 200.200.200.1 eq smtp
    access-list acl-in permit tcp any host 200.200.200.1 eq pop3
    access-list acl-in permit tcp any host 200.200.200.1 eq www
    access-list acl-in permit tcp any host 200.200.200.1 eq https
    access-list acl-in permit tcp any host 200.200.200.2 eq www
    access-list acl-in permit tcp any host 200.200.200.2 eq https
    access-list acl-in permit tcp any host 200.200.200.2 eq 2003
    access-list acl-in permit tcp any host 200.200.200.2 eq 308
    access-list acl-in deny ip any any log
    access-list in permit tcp any host 200.200.200.2
    pager lines 200
    mtu outside 1500
    mtu inside 1500
    ip address outside 200.200.200.200 255.255.255.240
    ip address inside InsideIPAddress 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    pdm location 10.0.0.0 255.0.0.0 inside
    pdm location Server-BDC 255.255.255.255 inside
    pdm location Server-BackUP 255.255.255.255 inside
    pdm location InsideIPAddress 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 10.0.0.0 255.255.255.0 0 0
    static (inside,outside) 200.200.200.1 Server-BDC netmask 255.255.255.255 0 0
    static (inside,outside) 200.200.200.2 Server-BackUP netmask 255.255.255.255 0 0
    static (inside,outside) 200.200.200.3 Server-PDC netmask 255.255.255.255 0 0
    access-group acl-in in interface outside
    route outside 0.0.0.0 0.0.0.0 200.200.200.17 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 10.0.0.0 255.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community nytemon
    no snmp-server enable traps
    floodguard enable
    telnet Server-PDC 255.255.255.255 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
    : end
     
    solutionsplus, Feb 5, 2008
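
A consistency check over the configuration posted above, as an added example that is not part of the original post: it cross-references the `name`, `static`, `access-list`, `access-group`, `ip address outside` and `route outside` lines. The function name `audit` and the report keys are hypothetical; the script reports facts visible in the posted lines and does not claim which of them explains the symptom.

```python
import ipaddress

# Relevant lines copied from the posted configuration (an excerpt, not the full config).
CONFIG = """\
name 10.0.0.240 Server-PDC
name 10.0.0.241 Server-BDC
name 10.0.0.242 Server-BackUP
access-list acl-in permit tcp any host 200.200.200.3 eq www
access-list acl-in permit tcp any host 200.200.200.1 eq smtp
access-list acl-in permit tcp any host 200.200.200.2 eq 2003
access-list acl-in deny ip any any log
access-list in permit tcp any host 200.200.200.2
ip address outside 200.200.200.200 255.255.255.240
static (inside,outside) 200.200.200.1 Server-BDC netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.2 Server-BackUP netmask 255.255.255.255 0 0
static (inside,outside) 200.200.200.3 Server-PDC netmask 255.255.255.255 0 0
access-group acl-in in interface outside
route outside 0.0.0.0 0.0.0.0 200.200.200.17 1
"""

def audit(config):
    """Return consistency facts about a PIX 6.x config (hypothetical helper)."""
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]
    names = {t[2]: t[1] for t in lines if t[0] == "name"}
    acls = {t[1] for t in lines if t[0] == "access-list"}
    bound = {t[1] for t in lines if t[0] == "access-group"}
    out = next(t for t in lines if t[:3] == ["ip", "address", "outside"])
    outside_net = ipaddress.ip_network(f"{out[3]}/{out[4]}", strict=False)
    # static (inside,outside) <mapped> <real>: resolve "name" aliases to addresses
    statics = {t[2]: names.get(t[3], t[3]) for t in lines if t[0] == "static"}
    # Ports that interface-bound ACLs permit towards each host address
    permits = {}
    for t in lines:
        if t[0] == "access-list" and t[1] in bound and t[2] == "permit" and "host" in t:
            host = t[t.index("host") + 1]
            port = t[t.index("eq") + 1] if "eq" in t else "any"
            permits.setdefault(host, []).append(port)
    gateways = [t[4] for t in lines if t[:2] == ["route", "outside"]]
    # Mapped addresses and next hops that are not inside the outside interface subnet
    off_subnet = [a for a in list(statics) + gateways
                  if ipaddress.ip_address(a) not in outside_net]
    return {"unbound_acls": sorted(acls - bound), "statics": statics,
            "permits": permits, "outside_net": str(outside_net),
            "off_subnet": off_subnet}

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(f"{key}: {value}")
```
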