
Any Any Accept rule not working

tabularasa, Technical User, Sep 20, 2002
Hey Guys.

I still have not been able to get my firewall to work. :-( I'm about to give up.

How about this. With an ANY ANY ACCEPT rule base installed and verified, I'm receiving dropped traffic.
Traffic gets out OK, but traffic does not get in.

I've got a Nokia IP530 with IPSO 3.6 and NG FP2.

POP3 traffic from external to my mail server is dropped.
Traffic from Yahoo to my local machine is dropped.
DNS resolves just fine.

Any suggestions?
 
Have you checked your NAT rules?

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
According to which rule does the log viewer say your traffic is dropped? If it is Rule 0, you should take a look at the rulebase properties, if it restricts any traffic you want to let in. NAT is also a good idea as already pointed out, but to check Anti-Spoofing settings on the interfaces could also be a good idea.
 
You need to check the implied rules also, to see if there's anything further up the rulebase overriding your any-any rule.
 
Sounds very like anti-spoofing to me. I take it you have defined your encryption domain and applied it to your firewall interfaces (s1p1 and s6p1 on a Nokia)? B-)

Brian, CCSE
brian@domain-integrity.com
 
Hi Brian. Where did you get the info that he's doing VPN? It's nowhere in the text of the question, or is that from an older thread? He's not replying, either. Maybe it's all solved.
 
If you just have an any any accept rule, this isn't enough, as said above.
You haven't said what you are trying to connect (web or mail server, PCs to connect to the internet).

For PCs to connect:
1. Create a network object to cover your internal network.
2. In the network object, click the NAT tab and use NAT-hide with the external interface of the firewall (for a live network I would strongly recommend using NAT-hide with a specific IP address in the same subnet as the firewall but a different IP; unfortunately this requires additional addresses).

For a server (web or mail):
1. Create a node object for the server.
2. In the node's NAT tab use NAT-Static with the valid IP address you have assigned to that server for the internet. Make sure this IP address is in the same subnet as the firewall (it is possible to use different address ranges, but it is more complex).
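The two things the replies keep coming back to, anti-spoofing dropping packets as "Rule 0" before the any-any rule is ever consulted, and the NAT/firewall addresses needing to be routable and in the external subnet, modelled in a small Python script. This is an added example, not code from the thread; the interface names, addresses and topology are constructed.

```python
from ipaddress import ip_address, ip_interface, ip_network

# RFC 1918 ranges: a firewall or NAT object given one of these addresses is
# unreachable from the Internet (the root cause the original poster found).
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed topology in the style of a gateway object's Topology tab: each
# interface carries its own address and the networks expected as packet
# sources behind it; "external" means "everything not behind another interface".
FIREWALL_INTERFACES = {
    "s1p1": {"address": "203.0.113.2/24", "topology": "external"},
    "s6p1": {"address": "192.168.1.1/24", "topology": ["192.168.1.0/24"]},
}

def internal_networks(interfaces):
    """All networks defined behind non-external interfaces."""
    return [ip_network(n) for cfg in interfaces.values()
            if cfg["topology"] != "external" for n in cfg["topology"]]

def anti_spoof_verdict(interfaces, ingress_if, src_ip):
    """Anti-spoofing runs before the rulebase: a source address that does not
    belong on the ingress interface is dropped as Rule 0, so an Any/Any/Accept
    rule further down never gets to match it."""
    src = ip_address(src_ip)
    cfg = interfaces[ingress_if]
    if cfg["topology"] == "external":
        legitimate = not any(src in net for net in internal_networks(interfaces))
    else:
        legitimate = any(src in ip_network(n) for n in cfg["topology"])
    return "rulebase" if legitimate else "rule 0 drop (anti-spoofing)"

def nat_address_problems(interfaces, ext_if, nat_ip):
    """Sanity checks from the replies: the gateway's external address and the
    hide/static NAT address must be routable and sit in the external subnet."""
    problems = []
    ext = ip_interface(interfaces[ext_if]["address"])
    if any(ext.ip in net for net in RFC1918):
        problems.append("firewall external address is non-routable")
    nat = ip_address(nat_ip)
    if any(nat in net for net in RFC1918):
        problems.append("NAT address is non-routable")
    if nat not in ext.network:
        problems.append("NAT address outside external interface subnet")
    return problems

if __name__ == "__main__":
    # A packet claiming an internal source arriving on the external interface.
    print(anti_spoof_verdict(FIREWALL_INTERFACES, "s1p1", "192.168.1.50"))
    print(nat_address_problems(FIREWALL_INTERFACES, "s1p1", "10.1.1.1"))
```

The log viewer would show such drops against Rule 0, which is why the replies say to look there first rather than at the explicit rulebase.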
 
Sorry I have not written in so long, guys.

Would you believe the problem all along was that I defined the firewall with a non-routable address. As soon as I changed to a 'real' IP, everything started working.

:)

Thanks a million guys!
 