
ERROR - Pix 515 V 6.2


jacobauskas (Technical User), Mar 11, 2002
Friends,

On the INSIDE interface, I have a webserver with the IP 200.218.30.XX.
My configuration is:

interface inside sec level 100
interface outside sec level 0

static (inside,outside) 200.218.30.XX 200.218.30.XX netmask 255.255.255.255 0 0

access-list inside_access_in permit ip host 200.218.30.XX any

access-list outside_access_in permit ip any host 200.218.30.XX


%PIX-6-302014: Teardown TCP connection id for interface:real-address/real-port to interface:real-address/real-port duration hh:mm:ss bytes bytes [reason] [(user)]

I received TCP RESET-O when I try to access the webserver on destination port 80; the RESET-O comes from the outside interface, but I don't know how to pass all the traffic for the webserver on the inside interface.

Thanks


Jacobauskas
 
Have you thought about using a NAT (0) statement?

It looks as if you want the address to be the same whether inside or outside. What are you trying to accomplish? Chuck, MCSE
 
HI.

> I received TCP RESET-O when I try to access the webserver on destination port 80; the RESET-O comes from the outside interface, but I don't know how to pass all the traffic for the webserver on the inside interface.

I didn't understand the question here.
TCP RESET-O seems reasonable to me. The client ends the session after getting the data it requested.

So, what is the question?
Please rephrase and provide additional info.

Bye

Yizhar Hurwitz
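An added example, not from the thread: a small Python parser for the %PIX-6-302014 teardown line quoted in the first post, which separates a reset that closed a connection after data was exchanged (the normal client close described in the reply above) from a reset with zero bytes, where nothing ever crossed the firewall. The log lines are constructed, and 200.218.30.10 stands in for the thread's masked 200.218.30.XX.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Field layout from the %PIX-6-302014 template quoted in the thread: "Teardown TCP
# connection id for if:addr/port to if:addr/port duration hh:mm:ss bytes bytes [reason] [(user)]"
TEARDOWN_RE = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<dur>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>[^(]+?))?(?: \((?P<user>[^)]*)\))?$"
)

@dataclass
class Teardown:
    conn_id: int
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    dst_port: int
    duration_s: int
    nbytes: int
    reason: Optional[str]

def parse_teardown(line: str) -> Optional[Teardown]:
    """Parse one teardown syslog line; return None for anything else."""
    m = TEARDOWN_RE.search(line.strip())
    if not m:
        return None
    h, mi, s = (int(x) for x in m["dur"].split(":"))
    return Teardown(int(m["id"]), m["src_if"], m["src_ip"], m["dst_if"],
                    m["dst_ip"], int(m["dst_port"]), h * 3600 + mi * 60 + s,
                    int(m["bytes"]), m["reason"].strip() if m["reason"] else None)

def failed_resets(lines: List[str], dst_ip: str, dst_port: int) -> List[Teardown]:
    """Teardowns to dst_ip/dst_port ended by a TCP reset with zero bytes: no payload crossed."""
    return [t for t in map(parse_teardown, lines)
            if t and t.dst_ip == dst_ip and t.dst_port == dst_port
            and t.reason is not None and t.reason.startswith("TCP Reset")
            and t.nbytes == 0]

# Constructed sample log; 200.218.30.10 stands in for the thread's masked 200.218.30.XX.
LOGS = """\
%PIX-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/40321 to inside:200.218.30.10/80 duration 0:00:02 bytes 4213 TCP Reset-O
%PIX-6-302014: Teardown TCP connection 1002 for outside:198.51.100.8/40500 to inside:200.218.30.10/80 duration 0:00:00 bytes 0 TCP Reset-O
%PIX-6-302014: Teardown TCP connection 1003 for inside:200.218.30.10/33000 to outside:203.0.113.5/80 duration 0:00:05 bytes 9800 TCP FINs
%PIX-6-302014: Teardown TCP connection 1004 for outside:198.51.100.9/40600 to inside:200.218.30.10/80 duration 0:00:00 bytes 0 TCP Reset-O (alice)
"""
```

Running `failed_resets(LOGS.splitlines(), "200.218.30.10", 80)` returns only the two zero-byte resets, which are the connections worth investigating; a reset after thousands of bytes is just the client hanging up.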
 
Friends,


My question is easy.
I have a webserver in my inside network and I need to configure the PIX firewall to pass all traffic from any host on the OUTSIDE to the INSIDE. (In my configuration, when an outside host requests the webserver (inside), I have problems. In the DEBUG the message is: %PIX-6-302014.)
How do I configure it to pass all traffic from the outside to the inside?


WEBSERVER IP:200.218.30.XX


This is my configuration:

Result of PIX command: "write term"

Building configuration...
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname Pix-515
domain-name aui.com
clock timezone BRT -3
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
access-list inside_access_in permit ip host 200.218.30.XX any
access-list outside_access_in permit ip any host 200.218.30.XX
pager lines 24
logging on
logging console debugging
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 172.18.8.1 255.255.248.0
ip address inside 172.18.0.100 255.255.248.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pdm history enable
arp timeout 14400
nat (inside) 0 192.168.0.0 255.255.255.0 0 0
nat (inside) 0 192.168.128.0 255.255.255.0 0 0
static (inside,outside) 200.218.30.XX 200.218.30.XX netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 172.18.8.100 1
route inside 200.218.30.XX 255.255.255.255 172.18.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 60
ssh timeout 5
terminal width 80


Thanks!!

Jacobauskas
 
HI.

> ip address outside 172.18.8.1 255.255.248.0
> route outside 0.0.0.0 0.0.0.0 172.18.8.100

You're using private ip addresses, and probably have another NAT/proxy/firewall between the pix and the ISP.

You should recheck the whole ip addressing, subnets, routing and NAT implementation on your network.

Posting your config is a good step, now please provide:
More details about the network configuration.
What exactly did you do to test?
On which host?
What were the results (not only syslog debug messages, but what did the client see)?
How is routing configured?
What is the default gateway of the web server?
What is the default gateway of other hosts?
How is routing configured?
How is NAT implemented?

Is this an internal web server for internal hosts only?
Or is it for public access?

There are some strange things in your pix config, for example those "nat (inside) 0 192.168.0.0 " statements without related "route inside" statement, but before going to the pix config, I think that you should stop and go back to the planning stage, and have a solid plan for your ip network that you're going to implement.

If I got something wrong here, please advise.

Bye
Yizhar Hurwitz
 
Hi,



The question is the same. How do I configure the PIX firewall to pass ALL TRAFFIC to the webserver on the inside interface? Which commands do I need to use to do this? I tried the commands you can see in my configuration in the last e-mail.
The webserver IP is 200.218.30.XX.
The webserver is fine, it accesses the internet, and I used the ping command:

webserver to internet: ping is OK!!!!
internet to webserver: ping is OK!!!!

But I can't pass traffic to destination port 80 on the webserver.
When I try to access the webserver from the internet with an HTTP request, the PIX firewall blocks it!!! I receive the message TCP RESET-O.

I have problems with connections from the outside interface to the inside interface to destination address 200.218.30.XX/80.

I need to configure to pass ALL TRAFFIC to DESTINATION ADDRESS 200.218.30.XX any port!!!!
Only this!!
I use access-lists and a static NAT, but it doesn't work for connections from outside to inside.
Connections from inside to outside, to the internet, work fine!

THANK YOU VERY MUCH.

Jacobauskas
 