So does the web server have its default gateway set to the internal IP of the PIX or is it using the watchguard as its default gateway. Is the watchguard inline with the PIX, could it possibly be blocking the incoming requests?
So does the web server have its default gateway set to the internal IP of the PIX or is it using the watchguard as its default gateway. Is the watchguard inline with the PIX, could it possibly be blocking the incoming requests?
I removed those settings as well. Still nothing.
The server I am trying to reach is on the PIX network and has that device set as the default gateway. That was I thought originally was the problem. The two firewalls are on separate lines and have separate public interfaces. I am able to get to the outside from behind the PIX from the server and my machine. I am pretty sure that the watchguard isn't effecting the other firewall.
Ken,
Try this, issue a 'show xlate' command, it will list current translations in the NAT table, in the list look for an entry such as:
PAT Global External IP(443) Local 10.0.1.200(443)
This will tell us if it is a NAT issue or an ACL issue
I have port 25, 1045, 1044, 1041, 1040, 1031 but no 80 or 443. Which could be a problem.
Ah!
I assume you have some extra IP address? If so could you try this...
access-list outside_access_in_1 permit tcp any host eq 25
access-list outside_access_in_1 permit tcp any host eq 80
access-list outside_access_in_1 permit tcp any host eq 443
then place these:
static(inside,outside) tcp smtp 10.0.1.200 smtp netmask 255.255.255.255
static(inside,outside) tcp 80 10.0.1.200 80 netmask
255.255.255.255static(inside,outside) tcp 443 10.0.1.200 443 netmask 255.255.255.255
access-group outside_access_in_1 in interface outside
Before doing this remove any existing ACL or static statements, also remove the nat (inside) 0 inside_nat0 statement.
You can simplify and do a full static (all ports) if you have available IPs on the outside.
static (inside,outside) 12.190.141.214 10.0.1.200 netmask
255.255.255.255Then clear xlate and see what IP your web server is using with a tool like whatsmyip.
It should report that the web server is at 12.190.141.214. I assume the web server is working on the inside, so not a web server problem, and that it is listening on port 80 for the IP of 10.0.1.200.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.