Hi everybody. Glad you read my post, and thank you for the time you spend here. I'm using a PIX 515E with OS 6.3(4). I am trying to access a web server on its DMZ from a PC on the secure LAN. Here are the IPs of these LANs:

secure: 192.168.7.x. The PIX has an IP of 192.168.7.252 on the LAN. The PC has 192.168.7.12.

dmz: 192.168.137.x. The PIX has an IP of 192.168.137.252. The web server is 192.168.137.103. (By the way, the DMZ uses a VLAN, but I don't think it causes my problem.)

unsecure: 192.168.47.x. The PIX has 192.168.47.252.

The unsecure zone is served by a router (IP 192.168.47.254 on the unsecure zone, and u.v.w.x on the Internet). My ISP gave me the public IP a.b.c.d, which is NATed into 192.168.47.103 by the router. The PIX NATs it again into 192.168.137.103. When I try to access the web server from outside of this LAN (using another site), everything works fine. However, when I try to access it from the secure zone of this LAN, the PC can't access the server.

Here is what I collect from the logs when I try to access it from the secure zone of the LAN:

106100: access-list inside_access_in permitted tcp inside/192.168.7.12(2163) -> outside/a.b.c.d(81) hit-cnt 1 (first hit)
305011: Built dynamic TCP translation from inside:192.168.7.12/2163 to outside:192.168.47.253/28962
302013: Built outbound TCP connection 271372 for outside:a.b.c.d/81 (a.b.c.d/81) to inside:192.168.7.12/2163 (192.168.47.253/28962)
302013: Built inbound TCP connection 271373 for outside:u.v.w.x/33462 (u.v.w.x/33462) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)
302014: Teardown TCP connection 271373 for outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81 duration 0:00:00 bytes 0 TCP Reset-O
302013: Built inbound TCP connection 271374 for outside:u.v.w.x/33462 (u.v.w.x/33462) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)
302014: Teardown TCP connection 271374 for outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81 duration 0:00:00 bytes 0 TCP Reset-O
302013: Built inbound TCP connection 271375 for outside:u.v.w.x/33462 (u.v.w.x/33462) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)
302014: Teardown TCP connection 271375 for outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81 duration 0:00:00 bytes 0 TCP Reset-O

When I try to access the web server from outside of this LAN (using another site), I collect:

106100: access-list outside_access_in permitted tcp outside/193.251.10.191(11106) -> DMZ_WS/192.168.47.103(81) hit-cnt 1 (first hit)
302013: Built inbound TCP connection 271385 for outside:193.251.10.191/11106 (193.251.10.191/11106) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)
106100: access-list outside_access_in permitted tcp outside/193.251.10.191(11107) -> DMZ_WS/192.168.47.103(81) hit-cnt 1 (first hit)
302013: Built inbound TCP connection 271386 for outside:193.251.10.191/11107 (193.251.10.191/11107) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)

I think the 302014: Teardown TCP connection is the problem, but I don't know how to solve this issue...

Thanks again
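
Added example (not part of the original post, and not the poster's or Cisco's code): a short Python script that pairs the 302013 Built and 302014 Teardown records from the secure-zone excerpt above by connection id and counts flows that were torn down without carrying any data. The function names are illustrative, and the patterns are written only against the line layout shown in this post.

```python
import re
from collections import Counter

# Added example. Lines copied from the post's secure-zone log excerpt;
# a.b.c.d and u.v.w.x are the poster's own placeholders. Function names are
# illustrative; the patterns assume only the layout shown in the post.
SAMPLE = [
    "302013: Built outbound TCP connection 271372 for outside:a.b.c.d/81 (a.b.c.d/81) to inside:192.168.7.12/2163 (192.168.47.253/28962)",
    "302013: Built inbound TCP connection 271373 for outside:u.v.w.x/33462 (u.v.w.x/33462) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)",
    "302014: Teardown TCP connection 271373 for outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81 duration 0:00:00 bytes 0 TCP Reset-O",
    "302013: Built inbound TCP connection 271374 for outside:u.v.w.x/33462 (u.v.w.x/33462) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)",
    "302014: Teardown TCP connection 271374 for outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81 duration 0:00:00 bytes 0 TCP Reset-O",
    "302013: Built inbound TCP connection 271375 for outside:u.v.w.x/33462 (u.v.w.x/33462) to DMZ_WS:192.168.137.103/81 (192.168.47.103/81)",
    "302014: Teardown TCP connection 271375 for outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81 duration 0:00:00 bytes 0 TCP Reset-O",
]

BUILT = re.compile(
    r"302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<a_if>[^:\s]+):(?P<a>\S+) \(\S+\) to (?P<b_if>[^:\s]+):(?P<b>\S+) \(\S+\)")
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for .* "
    r"duration \S+ bytes (?P<bytes>\d+)\s*(?P<reason>.*)$")


def correlate(lines):
    """Pair each Built (302013) record with its Teardown (302014) by connection id."""
    conns = {}
    for line in lines:
        if m := BUILT.search(line):
            conns[m["id"]] = {**m.groupdict(), "bytes": None, "reason": None}
        elif (m := TEARDOWN.search(line)) and m["id"] in conns:
            conns[m["id"]].update(bytes=int(m["bytes"]), reason=m["reason"].strip())
    return conns


def empty_flows(lines):
    """Count, per flow, the connections that were torn down with 0 bytes."""
    dead = Counter()
    for c in correlate(lines).values():
        if c["bytes"] == 0:
            dead[(c["a_if"], c["a"], c["b_if"], c["b"], c["reason"])] += 1
    return dead


if __name__ == "__main__":
    for flow, count in empty_flows(SAMPLE).items():
        print(count, "x", flow)
```

On the excerpt it reports one flow, outside:u.v.w.x/33462 to DMZ_WS:192.168.137.103/81, torn down three times with 0 bytes and TCP Reset-O, while connection 271372 has no teardown record in the excerpt.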