Some users can't pass PIX

[afrugone]

I've a local lan with about 150 users, a PIX firewall 515R with PIX Version 6.2(2), with 3 interfaces one to internet and the other to our corporate network.

The problem is that some users can not access the corporate network, if I reset the PIX (reload) they have no problem, but other users begin to have the same problem.

Any help will be appreciated

Thanks

 

[Qamgine]

Some things to check -

Do a show interface to verify that all three interfaces are up and up.

In your routes, make sure you are routing correctly between the interfaces.

Check to make sure that interface1 can hit both interface2 and interface3, that interface2 can hit both interface1 and interface3, and that interface3 can hit both interface1 and interface2.

Make sure that your access-list isn't denying traffic based on a rule you have set.

Without seeing the current configuration it's difficult to say what might be causing the problem. This is a place to start at least.

 

[baddos]

Are you using NAT to the corporate network? Please post your config.

 

[yizhar]

HI.

As baddos suggested, it could be related to NAT.
You can use PAT on the interface going to corporate network, something like:

global (???) ? interface
OR:
global (???) ? x.x.x.x

You probably now have something like this:
global (???) ? x.x.x.a-x.x.x.b
which allows a limitted number of only b-a+1 hosts ...

Bye


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar