Hello,
I guess this setup is getting too convoluted as I cannot seem to find the problem.
For some reason I cannot seem to figure out why my DMZ cannot get access to the internet. Inbound to the DMZ is working fine but I don't have any kind of outbound access. We are using PAT on the outside interface.
Note: we have 5 static IPs, .42-.46
Can some expert please help me with this one?
Thanks!!!!
The setup is like so.
Router ***.***.223.41
Outside Pix ***.***.223.42
DMZ Pix 192.168.4.251
Webserver 192.168.4.1

access-list outside_access_in extended permit tcp any host ***.***.223.42 eq 3389
access-list outside_access_in extended permit tcp any host ***.***.223.42 eq smtp
access-list outside_access_in extended permit tcp any host ***.***..223.42 eq https
access-list outside_access_in extended permit tcp any host ***.***.223.44 eq www
access-list outside_access_in extended permit tcp any host ***.***.223.44 eq smtp
access-list outside_access_in extended permit tcp any host ***.***.223.46 eq 9003
access-list outside_access_in extended permit tcp any host ***.***.223.46 eq 9002
access-list outside_access_in extended permit tcp any host ***.***.223.46 eq 9001
access-list outside_access_in extended permit tcp any host ***.***.223.43 eq www
access-list outside_access_in extended permit tcp any host ***.***.223.43 eq https
access-list outside_access_in extended permit tcp any host ***.***.223.44 eq https
access-list outside_access_in extended permit tcp host ***.***..232.253 host ***.***.223.44 eq ftp
access-list outside_access_in extended permit tcp any host ***.***.223.43
access-list outside_access_in extended permit tcp any host ***.***.223.43 eq domain
access-list outside_access_in extended permit tcp any host ***.***.223.44 eq ftp
access-list RemoteVPN extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list MSVPN extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list DMZ_To_Inside extended permit tcp host website host Exchange eq smtp
access-list DMZ_To_Inside extended permit icmp any any
access-list DMZ_To_Inside extended permit tcp host website host Exchange eq https
access-list DMZ_To_Inside extended permit tcp host website host AxSQLOr1 eq 1433
arp timeout 14400
global (outside) 200 interface
nat (DMZ) 200 192.168.4.0 255.255.255.0
nat (Inside) 0 access-list VPN
nat (Inside) 200 0.0.0.0 0.0.0.0
static (Inside,outside) tcp interface 3389 192.168.0.1 3389 netmask 255.255.255.255
static (Inside,outside) tcp ***.***.223.42 smtp Exchange smtp netmask 255.255.255.255
static (Inside,outside) tcp interface https Exchange https netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.46 9004 SecSvr2 9004 netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.44 smtp website smtp netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.43 https website https netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.43 www website www netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.44 www website 81 netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.46 9002 SecSvr2 9002 netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.46 9001 SecSvr2 9001 netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.44 https website 444 netmask 255.255.255.255
static (DMZ,outside) tcp ***.***.223.44 ftp website ftp netmask 255.255.255.255
static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
access-group outside_access_in in interface outside
access-group DMZ_To_Inside in interface DMZ
route outside 0.0.0.0 0.0.0.0 ***.***.223.41 1

Thanks again.
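
An added example, not part of the original post: a small first-match evaluator for the posted DMZ_To_Inside entries. An access list bound inbound on an interface filters every packet entering that interface, whatever its destination, and ends in an implicit deny, so the sketch shows which DMZ-sourced flows match a permit line and which fall through. Assumptions: the name-to-address mappings (the post's name statements are not shown), the sample destination 203.0.113.10, and a parser that handles only the "any", "host" and "eq" forms this list uses.

```python
import ipaddress

# Assumed mappings: only "Webserver 192.168.4.1" appears in the post; the
# Exchange and AxSQLOr1 addresses are constructed placeholders.
NAMES = {"website": "192.168.4.1", "Exchange": "192.168.0.10", "AxSQLOr1": "192.168.0.20"}
PORTS = {"smtp": 25, "www": 80, "https": 443}

# Entries as posted, bound with "access-group DMZ_To_Inside in interface DMZ".
ACL = """\
access-list DMZ_To_Inside extended permit tcp host website host Exchange eq smtp
access-list DMZ_To_Inside extended permit icmp any any
access-list DMZ_To_Inside extended permit tcp host website host Exchange eq https
access-list DMZ_To_Inside extended permit tcp host website host AxSQLOr1 eq 1433
"""

def take_addr(tokens):
    """Consume 'any' or 'host <name|ip>' and return the matching network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word != "host":
        raise ValueError("unsupported address form: " + word)
    name = tokens.pop(0)
    return ipaddress.ip_network(NAMES.get(name, name) + "/32")

def parse(line):
    tokens = line.split()[3:]  # drop "access-list <name> extended"
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = take_addr(tokens), take_addr(tokens)
    port = None
    if tokens and tokens[0] == "eq":
        port = int(PORTS.get(tokens[1], tokens[1]))
    return action, proto, src, dst, port

def evaluate(acl_text, proto, src, dst, dport=None):
    """First matching entry wins; no match means the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_text.splitlines():
        action, p, src_net, dst_net, port = parse(line)
        if p in (proto, "ip") and s in src_net and d in dst_net and port in (None, dport):
            return action, line
    return "deny", "implicit deny at end of list"

if __name__ == "__main__":
    for flow in [("tcp", "192.168.4.1", "192.168.0.10", 25),   # website -> Exchange smtp
                 ("tcp", "192.168.4.1", "203.0.113.10", 80),   # website -> Internet www
                 ("icmp", "192.168.4.1", "203.0.113.10", None)]:
        print(flow, "->", evaluate(ACL, *flow))
```
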