Pix 501 config

Discussion in 'Cisco' started by Chris Gumm, Jul 23, 2003.

  1. Chris Gumm

    Chris Gumm Guest


    I'm having trouble with a Pix 501 config. Here is my setup.

    Client PC -----> Internet -----> Pix 501 -----> SBS2K (ISA FW)----->
    Local LAN -----> webserver

    VPN (PPTP) -----> to the SBS2K server
    WWW -----> to a web server on Local LAN
    SMTP -----> to the SBS2K server

    <----- www, ftp, ntp and etc from SBS2K

    Now smtp ---> and <--- everything else works fine, but www ---> and
    PPTP(VPN)---> don't. Also the www server is using host headers for
    different sites. Am I missing something?


    Here is the pix config

    PIX Version 6.2(2)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol http 80
    access-list 200 permit tcp any any eq smtp
    access-list 200 permit tcp any any eq www
    acesss-list 200 permit tcp any any pptp
    pager lines 24
    interface ethernet0 10baset
    interface ethernet1 10full
    mtu outside 1500
    mtu inside 1500
    ip address outside
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    static (inside,outside) tcp smtp smtp netmask 0 0
    static (inside,outside) tcp www www netmask 0 0
    static (inside,outside) tcp pptp pptp netmask 0 0
    access-group 200 in interface outside
    conduit permit tcp host eq www any
    route outside 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    no sysopt route dnat
    telnet timeout 5
    ssh timeout 5
    terminal width 80
    : end
    Chris Gumm, Jul 23, 2003
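
A small audit pass over the inbound-access lines of a config like the one posted, as an added example that is not part of the original post. The function names and the placeholder address 192.0.2.10 are assumptions, and the GRE check reflects how PPTP works in general (TCP 1723 plus IP protocol 47), not anything stated in the thread.

```python
import difflib

OPERATORS = {"eq", "lt", "gt", "neq", "range"}

# Constructed sample: the ACL lines are as posted; 192.0.2.10 is a placeholder
# for the address that is blank in the posted conduit line.
SAMPLE = """\
access-list 200 permit tcp any any eq smtp
access-list 200 permit tcp any any eq www
acesss-list 200 permit tcp any any pptp
access-group 200 in interface outside
conduit permit tcp host 192.0.2.10 eq www any
snmp-server community public
"""

def skip_addr(tokens):
    """Drop one address spec: 'any', 'host A' or 'A MASK'."""
    return tokens[1:] if tokens[:1] == ["any"] else tokens[2:]

def audit(config):
    findings, acls = [], []
    lines = [l.split() for l in config.splitlines() if l.strip()]
    for t in lines:
        typo = t[0] != "access-list" and difflib.get_close_matches(
            t[0], ["access-list"], cutoff=0.8)
        if typo:
            findings.append(f"unrecognized keyword '{t[0]}' (close to 'access-list')")
        if typo or t[0] == "access-list":
            acls.append(t)
    for t in acls:
        if len(t) > 4 and t[3] in ("tcp", "udp"):
            tail = skip_addr(skip_addr(t[4:]))  # what follows source and destination
            if tail and tail[0] not in OPERATORS:
                findings.append(f"ACL {t[1]}: port '{tail[0]}' lacks an operator such as 'eq'")
    # PPTP = TCP 1723 control channel plus GRE (IP protocol 47) for the tunnel.
    if any({"pptp", "1723"} & set(t) for t in acls) and not any("gre" in t for t in acls):
        findings.append("PPTP permitted on TCP only; no ACL entry permits gre")
    first = {t[0] for t in lines}
    if {"conduit", "access-group"} <= first:
        findings.append("inbound rules mix conduit with access-list/access-group")
    if ["snmp-server", "community", "public"] in lines:
        findings.append("SNMP community string is the default 'public'")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("-", f)
```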