Hi, I can't figure out what I'm doing wrong... I can't get the inside net to go out on the internet. Please check my config. It works if I add this to the config: "access-list outside_access_in permit ip any any"
But isn't that dangerous?
My config:
Building configuration...
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
---"password removed"----
hostname 3531
domain-name ---removed----
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 192.0.0.0 Electra_net
name 192.168.244.140 Server
name 10.10.10.2 IP_VX
object-group service scc tcp
  port-object range 1723 1723
  port-object range 3389 3389
object-group service VOIP udp
  port-object range 8002 8013
  port-object range 5588 5588
  port-object range 2048 2063
  port-object range 8020 8027
  port-object range 6254 6254
access-list inside_outbound_nat0_acl permit ip 192.168.244.128 255.255.255.192 Electra_net 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.244.128 255.255.255.192 Electra_net 255.255.255.0
access-list outside_access_in permit tcp any object-group scc host Server object-group Datasmeden
access-list outside_access_in permit tcp any eq pop3 host Server eq pop3
access-list outside_access_in permit tcp any eq https host Server eq https
access-list outside_access_in permit tcp any eq imap4 host Server eq imap4
access-list outside_access_in permit udp any object-group VOIP host IP_VX object-group VOIP
access-list outside_access_in permit ip any any
access-list inside_IN permit ip any any
access-list fsv permit ip host 193.88.44.22 any
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute retry 4
ip address inside 192.168.244.129 255.255.255.192
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) Server Server netmask 255.255.255.255 0 0
static (inside,outside) IP_VX IP_VX netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 195.67.82.163 255.255.255.255 outside
http 192.168.244.128 255.255.255.192 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 195.67.82.174
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 195.67.82.174 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10 10
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.244.130-192.168.244.135 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:cf589a15f0a80c1633094e5a7a610184
: end
[OK]
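Added example, not part of the original post: a small Python check that reads PIX 6.x-style configuration lines and reports every `permit ip any any` entry in an ACL that is applied inbound on an interface, together with the `static` mappings on that interface which the entry opens on all ports. The function name `audit_pix_acls` is an assumption; the sample lines are a subset copied from the config above.

```python
# Subset of the posted configuration, embedded so the check runs offline.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list outside_access_in permit tcp any eq https host Server eq https
access-list outside_access_in permit ip any any
access-list inside_IN permit ip any any
static (inside,outside) Server Server netmask 255.255.255.255 0 0
static (inside,outside) IP_VX IP_VX netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""

def audit_pix_acls(config):
    """Return (interface, security_level, acl, exposed_hosts) for every
    'permit ip any any' entry in an ACL applied inbound on an interface."""
    levels, acls, bound, statics = {}, {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 4 and tok[0] == "nameif":
            # nameif <hardware> <name> security<level>
            levels[tok[2]] = int(tok[3][len("security"):])
        elif len(tok) >= 4 and tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(tok[2:])
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            # An ACL only filters traffic once an access-group binds it.
            bound[tok[4]] = tok[1]
        elif len(tok) >= 4 and tok[0] == "static":
            # static (internal_if,external_if) global_ip local_ip ...
            external_if = tok[1].strip("()").split(",")[1]
            statics.setdefault(external_if, []).append(tok[2])
    findings = []
    for ifname, acl in bound.items():
        for ace in acls.get(acl, []):
            if ace[:4] == ["permit", "ip", "any", "any"]:
                findings.append((ifname, levels.get(ifname), acl,
                                 statics.get(ifname, [])))
    return findings

if __name__ == "__main__":
    for ifname, level, acl, hosts in audit_pix_acls(SAMPLE_CONFIG):
        print(f"{acl} on {ifname} (security{level}) permits ip any any; "
              f"static hosts reachable on all ports: {', '.join(hosts)}")
```

`inside_IN` carries the same entry but is not reported, because no `access-group` line binds it to an interface.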