PIX routing incoming problems.

Discussion in 'Cisco' started by Steve Holdoway, Jul 23, 2003.

  1. I've got a bit of a problem with the setup I've got on a PIX 515,
    where I'm allowing a remote system to access a secure website and
    deliver stats to Big Brother ( which uses port 1984... see www.bb4.com
    for details ).

    I know that the stuff is getting to the pix, 'cos show access-list
    shows that the hitcount is increasing. The problem is that it seems to
    be getting no further... especially not to the host who should be
    listening for it.

    Any ideas???

    Cheers, Steve


    This is what I've got...

    (snippet from show access-list outside_acl)
    access-list outside_acl line 21 permit tcp host <remote machine> host
    <global IP of incoming interface> eq 1984 (hitcnt=3640)
    access-list outside_acl line 22 permit tcp host <remote machine> host
    <global IP of incoming interface> eq https (hitcnt=26)

    show static
    static (inside,outside) tcp <global IP of incoming interface> https
    <internal IP of incoming interface> https netmask 255.255.255.255 0 0
    static (inside,outside) tcp <global IP of incoming interface> 1984
    <internal IP of incoming interface> 1984 netmask 255.255.255.255 0 0

    show version
    Cisco PIX Firewall Version 6.3(1)
    Cisco PIX Device Manager Version 3.0(1)

    Compiled on Wed 19-Mar-03 11:49 by morlee

    <name> up 13 days 12 hours

    Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
    Flash i28F640J5 @ 0x300, 16MB
    BIOS Flash AT29C257 @ 0xfffd8000, 32KB

    0: ethernet0: address is 0003.e300.0bf8, irq 10
    1: ethernet1: address is 0003.e300.0bf9, irq 7
    2: ethernet2: address is 00e0.b602.77ed, irq 11
    3: ethernet3: address is 00e0.b602.77ec, irq 11
    4: ethernet4: address is 00e0.b602.77eb, irq 11
    5: ethernet5: address is 00e0.b602.77ea, irq 11
    Licensed Features:
    Failover: Enabled
    VPN-DES: Enabled
    VPN-3DES-AES: Disabled
    Maximum Interfaces: 6
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: Unlimited
    Throughput: Unlimited
    IKE peers: Unlimited

    This PIX has an Unrestricted (UR) license.
     
    Steve Holdoway, Jul 23, 2003
    #1

  2. Thanks for the ideas... it turned out that all it needed was the old
    Micro$oft solution... a hardware reset! Cycled the power and all was
    fine. Maybe someone's been trying to hack me again!

    Cheers,


    Steve

     
    Steve Holdoway, Jul 24, 2003
    #2