
FW1 not letting anyone through

Status
Not open for further replies.

CaspaMcNasty

IS-IT--Management
Aug 28, 2002
13
GB
Hi, we have FW1 installed and I have set up a web server on our internal network with a static IP address, 10.100.100.44. I have set up a NAT to 217.158.152.184 and set a rule on the firewall to let traffic from any to <servername> on TCP ports 80 and 491. Internally I can see the website by either looking at 10.100.100.44, 217.158.152.184 or by using the servername. Externally we can't see jack by looking at 217.158.152.184.

Anyone got any ideas where I'm going wrong?
Cheers

MC
 
Check your interface topology, i.e. antispoofing, and decide between static NAT and hide NAT. Do tcpdump on the external and internal interfaces of the firewall while testing the connection. Check your routing. Make sure that you have a static route if you are using a pre-NG release of FW-1, or NG with backward compatibility. Also, with NAT you sometimes need a proxy ARP entry on pre-NG installs. That's enough to get you busy. Your question is rather devoid of detail, so I can only guess what might be wrong. Perhaps you should post the results of the tcpdump, and what your firewall logs say about the attempted connection.
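
Added example (not part of the thread or any poster's code): one way to read the two tcpdump captures the reply above asks for and name the first stage at which an inbound connection to the NAT address stalls. It assumes modern `tcpdump -n` text output; the capture lines, the client address 198.51.100.7, the router address 217.158.152.1 and the function names are constructed for illustration.

```python
import re

# Matches the TCP lines of `tcpdump -n` output (format assumed, see lead-in).
TCP = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def tcp_seen(lines, flags, src=None, dst=None, port=None):
    """True if a TCP packet with exactly these flags matches src / dst:port."""
    for line in lines:
        m = TCP.search(line)
        if not m or m.group(5) != flags:
            continue
        s_ip, s_port, d_ip, d_port = m.group(1, 2, 3, 4)
        if src and (s_ip, s_port) != (src, str(port)):
            continue
        if dst and (d_ip, d_port) != (dst, str(port)):
            continue
        return True
    return False

def diagnose(ext, inn, public, private, port):
    """Return the first stage at which the inbound connection stalls."""
    arp_req = any(f"who-has {public} " in l for l in ext)
    arp_rep = any(f"Reply {public} is-at" in l for l in ext)
    if arp_req and not arp_rep:
        return "proxy-arp: nobody answers ARP for the NAT address"
    if not tcp_seen(ext, "S", dst=public, port=port):
        return "upstream: SYN never reaches the external interface"
    if not tcp_seen(inn, "S", dst=private, port=port):
        return "firewall: SYN arrives but is not forwarded translated"
    if not tcp_seen(inn, "S.", src=private, port=port):
        return "server: no SYN-ACK, check service and return route"
    if not tcp_seen(ext, "S.", src=public, port=port):
        return "return-nat: reply is not translated back on the way out"
    return "ok: handshake visible on both interfaces"

# Constructed captures (not from the thread); client and router IPs are made up.
PUBLIC, PRIVATE = "217.158.152.184", "10.100.100.44"
EXT_SYN = [
    "12:00:00.90 ARP, Request who-has 217.158.152.184 tell 217.158.152.1, length 46",
    "12:00:00.91 ARP, Reply 217.158.152.184 is-at 00:00:5e:00:53:01, length 46",
    "12:00:01.00 IP 198.51.100.7.40001 > 217.158.152.184.80: Flags [S], seq 1, win 64240, length 0",
]
EXT_NO_ARP = EXT_SYN[:1]  # router asks for the NAT address, nobody replies
INT_SYN = ["12:00:01.01 IP 198.51.100.7.40001 > 10.100.100.44.80: Flags [S], seq 1, win 64240, length 0"]

if __name__ == "__main__":
    print(diagnose(EXT_NO_ARP, [], PUBLIC, PRIVATE, 80))
    print(diagnose(EXT_SYN, [], PUBLIC, PRIVATE, 80))
    print(diagnose(EXT_SYN, INT_SYN, PUBLIC, PRIVATE, 80))
```

A "firewall" result is the point at which the firewall log, the antispoofing settings and the static route mentioned in the reply are worth checking.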
 
A little more info would help.
I agree with the above entry: check static / hide NAT (use static).
If you are getting no entries on the firewall log for an outside connection, try a trace route.

Is the IP address range you have given in the same subnet as the firewall?
If not, you will have to let the external router know to send any traffic to the firewall.
 
I'm actually having a similar problem...

I had to change the static routes (NAT) on the FW-1 (v4.1). The changes seem to have been made OK. I used the config screen on the Voyager interface, but when I try to hit the websites from an external address the route seems to be going to the old NAT'd addresses.... so... I was wondering if there is a file that isn't updating correctly. I read somewhere that v4.1 doesn't update the local.arp file correctly...

Sorry to piggyback my problem with yours... but they are somewhat similar.
 