
can't access port 80 on DMZ


rkmorrow (MIS), Jan 12, 2001, US
I have Version 4.4 IOS, and the config is at the bottom of the page.
I have the config wide open until I have connectivity, then I will lock it down.
I can ping the DMZ from the outside interface, can access the web server on the DMZ from the outside interface, and have full connectivity from inside to outside, but I cannot access the web server from beyond the outside interface to the DMZ. DNS is resolving the name. I can ping, but there is no port 80 connectivity.
Does anyone see anything in the config that is the problem? Thanks for the help,
Rkmorrow

PIX Version 4.4(9)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security10
nameif ethernet3 dmz2 security15
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd TzkqujMsGHiVHPDV encrypted
hostname pwdb_pix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
logging on
no logging timestamp
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
mtu dmz2 1500
ip address outside 164.51.19.130 255.255.255.192
ip address inside 192.168.1.2 255.255.255.0
ip address dmz1 192.168.254.1 255.255.255.0
ip address dmz2 127.0.0.1 255.255.255.255
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz1 0.0.0.0
failover ip address dmz2 0.0.0.0
arp timeout 14400
global (outside) 1 164.51.19.131
global (dmz1) 1 192.168.254.254
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (dmz1,outside) 164.51.19.132 192.168.254.2 netmask 255.255.255.255 0 0
conduit permit icmp host 164.51.19.132 any
conduit permit tcp host 164.51.19.132 eq
conduit permit icmp any any
outbound 1 permit 192.168.0.0 255.255.0.0 80 tcp
outbound 1 permit 192.168.0.0 255.255.0.0 443 tcp
outbound 1 permit 192.168.0.0 255.255.0.0 110 tcp
outbound 1 permit 192.168.0.0 255.255.0.0 25 tcp
outbound 1 permit 192.168.0.0 255.255.0.0 21 tcp
outbound 1 permit 192.168.0.0 255.255.0.0 53 ip
outbound 2 permit 192.168.254.0 255.255.0.0 53 ip
outbound 2 permit 192.168.254.0 255.255.0.0 25 tcp
apply (inside) 1 outgoing_src
apply (dmz1) 2 outgoing_src
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
no rip dmz1 passive
no rip dmz1 default
no rip dmz2 passive
no rip dmz2 default
route outside 0.0.0.0 0.0.0.0 164.51.19.129 1
route inside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 192.168.0.0 255.255.0.0
telnet timeout 5
terminal width 80
 
How about adding a conduit to the web server static?
Like:
conduit permit tcp host 164.51.19.132 eq
After you add the conduit, it's best to reboot the PIX.
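To make the reasoning in the two posts above checkable, here is an added example (not Cisco code, and not something either poster ran) that models the two things an inbound connection through a PIX 4.x needs: a `static` translation for the global address and a `conduit` that permits the flow. It parses those two statement types, flags a conduit line whose `eq` has no port operand (which is how the tcp conduit arrives in the pasted config, with the next line fused onto it) instead of silently treating it as a wildcard, and then asks whether outside -> 164.51.19.132 tcp/80 is permitted. The sample configs are constructed from the thread's lines; the "fixed" variant assumes the intended conduit is `eq www any` (tcp/80, per the thread title), and conduit evaluation is simplified to first match on protocol, global host, destination port and foreign address.

```python
"""Model of PIX 4.x inbound policy: 'static' translation plus 'conduit'.

Added example for this thread (not Cisco code and not something either
poster ran). It parses the static/conduit lines of a PIX config and answers
the thread's question: can an outside host reach a global address on a
given port, and which DMZ host would answer? Simplifications (assumptions):
conduits are evaluated first-match on protocol, global address, destination
port and foreign (source) address; only the 'eq' port operator is handled.
"""
import ipaddress
import re

# Port keywords the PIX accepts in place of numbers (subset).
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "smtp": 25, "ftp": 21,
              "domain": 53, "telnet": 23, "pop3": 110}


def _addr(t, i):
    """Consume an address spec at t[i]: 'any', 'host A' or 'A MASK'."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False), i + 2


def _port(t, i):
    """Consume an optional 'eq PORT'. A dangling 'eq' (as in the thread's
    pasted config) or a non-port operand is a parse error, not a wildcard."""
    if i < len(t) and t[i] == "eq":
        if i + 1 >= len(t):
            raise ValueError("'eq' without a port")
        tok = t[i + 1]
        return (PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)), i + 2
    return None, i


def parse_conduit(line):
    """conduit permit|deny PROTO GLOBAL [eq PORT] FOREIGN [eq PORT]"""
    t = line.split()
    action, proto = t[1], t[2]
    gnet, i = _addr(t, 3)
    gport, i = _port(t, i)
    if i >= len(t):
        raise ValueError("missing foreign address")
    fnet, i = _addr(t, i)
    fport, i = _port(t, i)
    return {"action": action, "proto": proto, "global": gnet,
            "gport": gport, "foreign": fnet, "fport": fport}


def parse_config(text):
    """Collect statics, conduits, and conduit lines that do not parse."""
    policy = {"statics": [], "conduits": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"static \((\w+),(\w+)\) (\S+) (\S+)", line)
        if m:
            policy["statics"].append({"high": m[1], "low": m[2],
                                      "global": ipaddress.ip_address(m[3]),
                                      "local": ipaddress.ip_address(m[4])})
        elif line.startswith("conduit "):
            try:
                policy["conduits"].append(parse_conduit(line))
            except (ValueError, IndexError):
                policy["malformed"].append(line)
    return policy


def inbound_check(policy, proto, global_ip, port=None, src="0.0.0.0"):
    """An inbound connection from a lower-security interface needs BOTH a
    static for the global address AND a permit conduit that matches it."""
    gip, sip = ipaddress.ip_address(global_ip), ipaddress.ip_address(src)
    static = next((s for s in policy["statics"] if s["global"] == gip), None)
    if static is None:
        return "DENY", f"no static translation for {gip}"
    for c in policy["conduits"]:
        if c["proto"] not in (proto, "ip"):
            continue
        if gip not in c["global"] or sip not in c["foreign"]:
            continue
        if c["gport"] is not None and c["gport"] != port:
            continue
        if c["action"] == "permit":
            return "PERMIT", (f"conduit matched; translated to {static['local']}"
                              f" on {static['high']}")
        return "DENY", "explicit deny conduit matched"
    return "DENY", f"no conduit permits {proto}/{port} to {gip}"


# Constructed from the lines in the thread: the tcp conduit arrives with the
# port eaten and the following line fused onto it, exactly as pasted.
AS_POSTED = """
static (dmz1,outside) 164.51.19.132 192.168.254.2 netmask 255.255.255.255 0 0
conduit permit icmp host 164.51.19.132 any
conduit permit tcp host 164.51.19.132 eq conduit permit icmp any any
"""

# Assumed intent (tcp/80 to the web server, per the thread title), written in
# full PIX conduit syntax: global host, 'eq www', then the foreign address.
FIXED = """
static (dmz1,outside) 164.51.19.132 192.168.254.2 netmask 255.255.255.255 0 0
conduit permit icmp host 164.51.19.132 any
conduit permit tcp host 164.51.19.132 eq www any
conduit permit icmp any any
"""

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("fixed", FIXED)):
        pol = parse_config(text)
        print(name, "malformed:", pol["malformed"])
        print(name, "tcp/80 ->", inbound_check(pol, "tcp", "164.51.19.132", 80))
        print(name, "icmp   ->", inbound_check(pol, "icmp", "164.51.19.132"))
```

Run as written, the "as posted" policy reports the fused tcp conduit as malformed and denies tcp/80 while permitting icmp, which matches the symptoms in the first post (ping works, port 80 does not); the "fixed" policy permits tcp/80 and reports the translation to 192.168.254.2 on dmz1. The same checker denies tcp/80 to 164.51.19.131 because that address is only the outside PAT `global`, with no `static` behind it.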