Incoming traffic one interface and users outgoing on another using PIX 515

Discussion in 'Cisco' started by ktstzo, Oct 13, 2009.

  1. ktstzo

    ktstzo Guest

    Hello everyone,

    I currently have a PIX 515 - v6.3 set up in the following way

    4 interfaces:

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 outside2 security50
    nameif ethernet3 outside3 security50

    I have all my published services (http, smtp, etc.) on the public IP of
    interface Outside.

    All users' internet traffic also uses this interface.

    Outside2 is used for our VPN Inter-office traffic.

    global (outside) 1 interface
    global (outside2) 1 interface
    global (outside3) 1 interface
    nat (inside) 0 access-list 100
    nat (inside) 1 0 0
    static (inside,outside) tcp x.x.x.107 www www netmask 0 0
    static (inside,outside) tcp x.x.x.107 smtp mail01 smtp netmask 0 0
    static (inside,outside) tcp x.x.x.107 https https netmask 0 0
    static (inside,outside) x.x.x.108 netmask 0 0
    static (inside,outside) x.x.x.109 netmask 0 0

    route outside x.x.x.105 1
    route outside2 z.z.z.16 z.z.z.241 1
    route outside2 z.z.z.232 z.z.z.241 1
    route outside2 z.z.z.192 z.z.z.241 1

    I would like that all our internal users traffic use Interface

    This is what I have done so far.

    I have changed the default route:

    no route outside x.x.x.105

    route outside2 z.z.z.241.

    All users can navigate on the internet fine.

    The problem is that no one can reach our public IP address on
    interface outside after this change.

    I think the problem could be that when the traffic gets translated to
    the internal IP address then it goes back to the PIX and gets out with
    interface Outside2 IP.

    Can anyone give me a hand with this?

    Thanks very much for your time
    ktstzo, Oct 13, 2009