Hi,
I believe you need to add an access-list entry like this to allow inf3 to have access to the internet.
[code]access-list acl_inf3 permit tcp any any eq www[\code]
[code]access-list acl_inf3 permit tcp any any eq domain[\code]
this will allow the web traffic through the third interface.
sean
Hi mitan
Try adding these lines to your config to allow access from the outside to your inside server,
static (inside,outside) xxx.xxx.xxx.75 192.168.128.198 netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host xxx.xxx.xxx.75 eq smtp
access-list acl_out permit tcp any host...
Hi oh,
I believe the reason it is not working is that the <<Configuring PIX-to-PIX-to-PIX IPSec (Hub and Spoke)>> configuration is based off of using static ips on both Firewalls for their outside interfaces. But your pix-2 outside is not static, it is dynamic. Because of this, pix-1 is...
Hello,
After reviewing the 2 configs the problem seems to be in the fact that PIX-2 is receiving its outside ip dynamicly from the isp. When this happens PIX-1 will not have the correct ip address in the following line Crypto map newmap 20 set peer 61.22.xx.xx. I would enable debug logging on...
Hi,
I noticed that you are using statics for your connection sharing. The only static ip should be the gateway, the others should be set up to obtain there info by DHCP. The Gateway machine acts as a DHCP server when the ICS is enabled. Remeber you can only have five connections through the...
Hi,
You need to create an access-list to allow traffic through the dmz2 interface. for example...
access-list acl-dmz2 permit icmp any any
then apply the access-list to interface dmz2
access-group acl-dmz2 in interface dmz2
this will allow the icmp traffic through the FW from the dmz2...
This cisco doc
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/advanced.htm#xtocid8
talks about telneting to the outside interface using their VPN Client.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.