PIX 506e passthru VPN issue

Here is my current configuration with VPN passing thru to my win2000 server working. The only problem is that after the first person connects to the VPN from outside the router, the PIX blocks all other incoming connections on all other ports. Can anyone see what is wrong in this config? I got the configuration instructions from CISCO's website. P.S. I just inherited this network and I will be reconfiguring the PIX eventually. Thanks for all your help.

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 13HY8snInXEU2fko encrypted
passwd UPLayIZ6RWdm7./5 encrypted
hostname Brokaw-fw
domain-name apk.net
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
name name 207.188.0.0 Real_Player
name 192.168.1.8 DC1
access-list 101 permit tcp any host 206.183.7.51 eq www
access-list 101 permit tcp any host 206.183.7.51 eq pop3
access-list 101 permit tcp any host 206.183.7.51 eq smtp
access-list 101 permit tcp any host 206.183.7.51 eq ssh
access-list 101 permit tcp any host 206.183.7.51 eq https
access-list 101 permit tcp any host 206.183.7.51 eq ftp
access-list 101 permit tcp any host 206.183.7.51 eq ftp-data
access-list 101 permit icmp any any
access-list 101 permit tcp any host 206.183.7.51 eq 3389
access-list 101 permit tcp any host 206.183.7.51 eq 8080
access-list 101 permit tcp any host 206.183.7.51 eq 1723
access-list 101 permit tcp any host 206.183.7.51 eq 2121
access-list 101 permit gre any host 206.183.7.51
access-list inside_access_in permit ip any any
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 206.183.7.50 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.2 255.255.255.255 inside
pdm location 192.168.1.7 255.255.255.255 inside
pdm location 207.54.133.252 255.255.255.255 outside
pdm location 192.168.1.209 255.255.255.255 inside
pdm location Real_Player 255.255.0.0 outside
pdm location 192.168.1.6 255.255.255.255 inside
pdm location DC1 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) tcp 206.183.7.51 www 192.168.1.7 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 135 192.168.1.7 135 netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 pop3 192.168.1.7 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 smtp 192.168.1.7 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 3389 192.168.1.6 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 8080 192.168.1.4 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 ssh 192.168.1.7 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 ftp 192.168.1.7 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 ftp-data 192.168.1.7 ftp-data netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 2121 192.168.1.7 2121 netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 1723 192.168.1.6 1723 netmask 255.255.255.255 0 0
static (inside,outside) 206.183.7.51 192.168.1.6 netmask 255.255.255.255 0 0
access-group 101 in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 206.183.7.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.1.7 255.255.255.255 inside
http 192.168.1.209 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community apk-48
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 207.54.133.252 255.255.255.255 outside
ssh timeout 5
jdennis
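
A cross-check a reviewer could run over the `static` and `access-list 101` lines of the posted configuration: it reports an outside address that has both a one-to-one static and port-redirect statics, and any mismatch between published ports and permitted ports. This is an added example, not part of the original post or Cisco's instructions; the function name `audit` and the finding labels are hypothetical, and the regexes assume only the command forms that appear in this post.

```python
import re
from collections import defaultdict

# Excerpt of the configuration posted above, one command per line.
CONFIG = """\
access-list 101 permit tcp any host 206.183.7.51 eq www
access-list 101 permit tcp any host 206.183.7.51 eq https
access-list 101 permit tcp any host 206.183.7.51 eq 1723
access-list 101 permit gre any host 206.183.7.51
static (inside,outside) tcp 206.183.7.51 www 192.168.1.7 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 135 192.168.1.7 135 netmask 255.255.255.255 0 0
static (inside,outside) tcp 206.183.7.51 1723 192.168.1.6 1723 netmask 255.255.255.255 0 0
static (inside,outside) 206.183.7.51 192.168.1.6 netmask 255.255.255.255 0 0
"""

PORT_STATIC = re.compile(r"^static \(\S+\) (tcp|udp) (\S+) (\S+) (\S+) \S+ netmask")
HOST_STATIC = re.compile(r"^static \(\S+\) (\S+) (\S+) netmask")
ACL_PERMIT = re.compile(r"^access-list \S+ permit (tcp|udp) any host (\S+) eq (\S+)")

def audit(config):
    """Return (kind, outside_ip, detail) findings for static/ACL mismatches."""
    port_statics = defaultdict(dict)  # outside IP -> {(proto, port): inside host}
    host_statics = {}                 # outside IP -> inside host (one-to-one)
    permits = defaultdict(set)        # outside IP -> {(proto, port)}
    for line in map(str.strip, config.splitlines()):
        if m := PORT_STATIC.match(line):
            proto, gip, gport, lip = m.groups()
            port_statics[gip][(proto, gport)] = lip
        elif m := HOST_STATIC.match(line):
            host_statics[m.group(1)] = m.group(2)
        elif m := ACL_PERMIT.match(line):
            permits[m.group(2)].add((m.group(1), m.group(3)))
    findings = []
    for gip in sorted(set(port_statics) | set(permits)):
        # Same outside address translated two different ways.
        if gip in host_statics and port_statics[gip]:
            findings.append(("overlap", gip, host_statics[gip]))
        # Port published by a static but not permitted inbound.
        for key in sorted(set(port_statics[gip]) - permits[gip]):
            findings.append(("static-without-permit", gip, "/".join(key)))
        # Port permitted inbound with no port-redirect static of its own.
        for key in sorted(permits[gip] - set(port_statics[gip])):
            findings.append(("permit-without-port-static", gip, "/".join(key)))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding)
```

Protocol-only permits such as the `gre` entry carry no port and are skipped by the port comparison.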