Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How can I see who is accessing the PIX+ RDC

Status
Not open for further replies.

dritani

IS-IT--Management
Apr 5, 2007
6
GB
Hi ,

1-.Running a pix firewall.
We have set up multiple RDC thru this pix allowing users to connect from different ports. Suddenly users can't RDC any more.
I can't see any thing wrong on the pix.

2-How can I see who is accessing the PIX?



Can anyone help?

Thanks
Dritani
 
Post a scrubbed config (mask passwords and middle 2 octets of public IPs.)


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Hi Brent,

Thanks for your respose.
Here is the config.

Hope this is what you asked me :) or please let me know how to get it.

Regards Dritani



User Access Verification

Password:
Type help or '?' for a list of available commands.
pix501> enable
Password: ************
pix501# show run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXXXXXXXX encrypted
passwd XXXXXXXXXXX encrypted
hostname pix501adsl3
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.10.100.233 localout
access-list acl_in permit ip any any
access-list acl_out permit tcp any host localout eq 33042
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host localout eq 33062
access-list acl_out permit tcp any host localout eq 33081
access-list acl_out permit tcp any host localout eq 33082
access-list acl_out permit tcp any host localout eq 33087
access-list acl_out permit tcp any host localout eq 33086
access-list acl_out permit tcp any host localout eq 3389
pager lines 24
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside localout 255.255.255.0
ip address inside 10.10.10.239 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp localout 33042 10.10.10.42 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp localout 33062 10.10.10.62 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp localout 33081 10.10.10.81 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp localout 33082 10.10.10.48 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp localout 33085 10.10.10.85 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp localout 33087 10.10.10.7 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp localout 33086 10.10.10.86 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp XXXX.XXXX.XXXX.XXXX 33090 10.10.10.47 3389 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.10.100.234 1
route inside 172.16.10.0 255.255.255.0 10.10.10.230 1
route inside 192.168.100.0 255.255.255.0 10.10.10.230 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 10.10.10.62 /
floodguard enable
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 10
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:XXXXXX
: end
pix501#
 
If you haven't changed anything, then this should still work. Does you ISP block any traffic?

Sometimes (no one can explain why) but you need to make sure the statics and globals use the same syntax. -
You might try changing this
global (outside) 1 interface
to
global (outside) 1 [global_ip] netmask [global_netmask]

To see who is accessing the RDP clients, you can do a
sho translate
and see the ports that you have mapped and what IPs are connecting to them but you can't see logins as such because they do not terminate on the pix.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Hi Brent,

Can you please let me know how I can change this.
Firs how can remove/delete and then to add it.

I am very new on the pix.

Thanks
Dritani
 
Go into where you were to print that and type

config t
no global (outside) 1 interface
global (outside) 1 localout netmask 255.255.255.0
wri mem
exit
reload


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Hi Brent,

I tried to make chnges that you mantioned, but receive this mesage

pix501adsl3(config)# global (outside) 1 localout netmask 255.255.255.0
ERROR: localout-localout overlaps with outside interface address.

Any idea?

Thanks
Dritani
 
You will have to set it back to the
global (outside) 1 interface

Have there been any other changes to the network? Is your ISP blocking inbound ports?


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
I just did.

No changes made recently.

Thanks Brent
 
Try the connection again after enabling logging
logging enable
logging timestamp
logging buffered debugging ***may be this on your version*** logging buffered 7

then after the connection is tried, do a
sho logg

Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Hi Brent,

Sorry that I did not understant; - wat you mantioned on your last e-mail is to sort out the RD connection or how to check who is connecting to the PIX?

Thanks
Dritani
 
hi
do the foolowing to see what ip ur going through outside

sh xlate


this command will show u the bufferied natted ip

Regards
moustafa m kaid
ccna
iraq baghdad
 
The previous one was to see what is happening and where the trouble was with them connecting.

show xlate
is to see what IP/ports are connected to your internal network.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top