PIX 501 static entry disconnects internet and vpn

[vdinenna]

Hi All. This is my first post.

I have to give access to a 3rd party to an internal server.
I entered this static entry:

static (inside, outside) 192.199.1.2 172.16.39.4 netmask 255.255.255.255 0 0

Soon after I enter it, the internet and VPN connection go down. I don't even have a chance to enter the access-list.

Is it superceeding another rule or entry? I don't understand, since everything I read say this is how to allow a lower to high interface access.

Any help would be greatly appreciated,

Vince

 

[NetworkGhost]

What IP address are you assigning to the server for an outside IP? Is it the same as your external interface?

 

[vdinenna]

Hi NetworkGhost,

It was the external address of the PIX. I then tried the dynamic IP and the internet stayed up. However, the traffic will not pass. PcAnywhere needs to get to the internal network. I set two access-lists for host/port, both data and status, 5631 and 5632 resepctively. This did not work.

Telnet to internet IP and ports did not work. Could it be the router that blocked communications?

The IP on the outside of the PIX is private. It comes from the modem. Can this be the issue?

Thanks for the reply,

Vince

 

[NetworkGhost]

You need to change your static

static (inside, outside) tcp interface 65301 172.16.39.4 65301 netmask 255.255.255.255 0 0

static (inside, outside) udp interface 22 172.16.39.4 22 netmask 255.255.255.255 0 0

You may want to double check the ports

 

[vdinenna]

Thanks again NG,

The port 5631 & 5632 is for a newer version of pcAnywhere.
We're using version 11.5.

See:

http://www.nthelp.com/NT6/pcanywhere_ip_port_usage.htm

I do have a question about the static format. The "interface" command, does that refer to the IP of the interface or is actually understood when it is entered as "interface"?

Thanks again,

Vince

 

[NetworkGhost]

It is the IP of the interface.