New to Cisco

Discussion in 'Cisco' started by KEN, Nov 6, 2007.

  1. KEN

    Chad Mahoney Guest

    So does the web server have its default gateway set to the internal IP
    of the PIX, or is it using the WatchGuard as its default gateway? Is the
    WatchGuard inline with the PIX? Could it possibly be blocking the
    incoming requests?
     
    Chad Mahoney, Nov 7, 2007
    #21

  2. KEN

    KEN Guest

    I removed those settings as well. Still nothing.
     
    KEN, Nov 7, 2007
    #22

  3. KEN

    KEN Guest

    The server I am trying to reach is on the PIX network and has that
    device set as the default gateway. That was what I thought originally was
    the problem. The two firewalls are on separate lines and have
    separate public interfaces. I am able to get to the outside from
    behind the PIX from the server and my machine. I am pretty sure that
    the WatchGuard isn't affecting the other firewall.
     
    KEN, Nov 7, 2007
    #23
  4. KEN

    Chad Mahoney Guest


    Ken,

    Try this: issue a 'show xlate' command. It will list current
    translations in the NAT table. In the list, look for an entry such as:


    PAT Global External IP(443) Local 10.0.1.200(443)

    This will tell us if it is a NAT issue or an ACL issue.
     
    Chad Mahoney, Nov 7, 2007
    #24
  5. KEN

    KEN Guest

    I have ports 25, 1045, 1044, 1041, 1040, 1031, but no 80 or 443, which
    could be a problem.
     
    KEN, Nov 7, 2007
    #25
  6. KEN

    Chad Mahoney Guest


    Ah!

    I assume you have some extra IP addresses? If so, could you try this...

    access-list outside_access_in_1 permit tcp any host <Another static IP address> eq 25

    access-list outside_access_in_1 permit tcp any host <Another static IP address> eq 80

    access-list outside_access_in_1 permit tcp any host <Another static IP address> eq 443

    then place these:

    static (inside,outside) tcp <Another Static IP> smtp 10.0.1.200 smtp netmask 255.255.255.255

    static (inside,outside) tcp <Another Static IP> 80 10.0.1.200 80 netmask 255.255.255.255

    static (inside,outside) tcp <Another Static IP> 443 10.0.1.200 443 netmask 255.255.255.255

    access-group outside_access_in_1 in interface outside


    Before doing this, remove any existing ACL or static statements; also
    remove the nat (inside) 0 inside_nat0 statement.
     
    Chad Mahoney, Nov 7, 2007
    #26
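
An added example, not part of any post in this thread: a small Python check of the point made in posts #24 and #26, that an inbound port needs both a static translation and a permit in the ACL bound to the outside interface. The sample config is constructed, with 192.0.2.10 standing in for the <Another static IP> placeholder, and the parser only handles the line shapes shown in the thread.

```python
import re

# Constructed sample, not the poster's real config. 192.0.2.10 is a stand-in
# for "<Another static IP>"; the permit for 443 is left out on purpose.
SAMPLE_CONFIG = """\
access-list outside_access_in_1 permit tcp any host 192.0.2.10 eq 25
access-list outside_access_in_1 permit tcp any host 192.0.2.10 eq 80
static (inside,outside) tcp 192.0.2.10 smtp 10.0.1.200 smtp netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.10 80 10.0.1.200 80 netmask 255.255.255.255
static (inside,outside) tcp 192.0.2.10 443 10.0.1.200 443 netmask 255.255.255.255
access-group outside_access_in_1 in interface outside
"""

PORT_NAMES = {"smtp": 25, "www": 80, "https": 443}  # small subset of keywords
ACL_RE = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\S+)")
PAT_RE = re.compile(r"static \(inside,outside\) tcp (\S+) (\S+) \S+ \S+")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")

def port(tok):
    # Accept either a port keyword or a number.
    return PORT_NAMES.get(tok) or int(tok)

def audit(config):
    """Return {(global_ip, global_port): status} for inbound port redirects."""
    permits, statics, bound = set(), [], None
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.add((m[1], m[2], port(m[3])))
        elif m := PAT_RE.match(line):
            statics.append((m[1], port(m[2])))
        elif m := GROUP_RE.match(line):
            bound = m[1]
    report = {}
    for gip, gport in statics:
        if bound is None:
            report[(gip, gport)] = "no access-group on outside"
        elif (bound, gip, gport) in permits:
            report[(gip, gport)] = "ok"
        else:
            report[(gip, gport)] = "static present, no ACL permit"
    # A permit in the bound ACL with no static has nothing to translate to.
    for name, gip, gport in permits:
        if name == bound and (gip, gport) not in report:
            report[(gip, gport)] = "ACL permit, no static"
    return report

if __name__ == "__main__":
    for key, status in sorted(audit(SAMPLE_CONFIG).items()):
        print(key, status)
```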
  7. You can simplify and do a full static (all ports) if you have
    available IPs on the outside.

    static (inside,outside) 12.190.141.214 10.0.1.200 netmask 255.255.255.255

    Then clear xlate and see what IP your web server is using with a tool
    like whatsmyip.

    It should report that the web server is at 12.190.141.214. I assume
    the web server is working on the inside, so not a web server problem,
    and that it is listening on port 80 for the IP of 10.0.1.200.
     
    Shawn Westerhoff, Nov 10, 2007
    #27