Hi,
This is my first time working with PIX. After a few hours trying to set it up, I can make it half work. Here is my problem:
Access from outside to the server inside is OK (HTTP, SMTP, POP3 & RPC), but clients & the server inside the firewall can't connect to the internet.
I can send email to my own domain, but when I try to send email to an external domain, the email gets stuck on the server.
Ping only works from the console to the local interface and the server behind the firewall.
PIX Version 6.0(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password VjAYAuXOneghqltw encrypted
passwd VjAYAuXOneghqltw encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
access-list 102 permit tcp any host 192.168.1.10 eq www
access-list 102 permit tcp any host 192.168.1.10 eq smtp
access-list 102 permit tcp any host 192.168.1.10 eq pop3
access-list 102 permit tcp any host 192.168.1.10 eq 135
access-list 102 permit tcp any host 192.168.1.10 range 1024 65535
access-list 102 permit udp any host 192.168.1.10 eq domain
access-list 102 permit icmp any host 192.168.1.10 echo
pager lines 24
logging on
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.10 255.255.255.0
ip address inside 192.168.5.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 600
global (outside) 1 192.168.1.9
static (inside,outside) interface 192.168.5.2 netmask 255.255.255.255 0 0
access-group 102 in interface outside
access-group 50 in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
service resetinbound
isakmp identity address
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:40e2ea8f21dc820322e9c6c9f2481ade
Thanks,
Winoto