Hello,
I have this strange problem and I can't seem to understand it. I have the following situation. I have posted here before under the same name and subject, so you can read back, though that is probably not needed.
Internet (Zyxel P660HW) WAN : Public IP (natted) LAN : 192.168.168.1 subnet 255.255.255.252
Cisco Pix 506e WAN : 192.168.168.2 subnet 255.255.255.252 (natted) LAN : 192.168.68.8 subnet 255.255.255.0
Internal PC LAN 192.168.68.1 subnet 255.255.255.0
Now what I want is to run several services on my PC (server): DNS, HTTP, HTTPS, RDP, VPN, FTP, SMTP, POP3. Below is the config, and it is not working properly. When I want to connect from the internet WAN side to my public IP address, everything is dead/denied. Stealth firewalled... so nothing is responding. What I have tested, and which worked perfectly, was, instead of the internet router, a normal PC with a web server and FTP server running on IP 192.168.168.1 subnet 255.255.255.252. From my LAN I am able to open the website on the web server, and FTP is OK too. When I connect with that PC to 192.168.168.2 on ports like FTP, HTTP, etc., it connects fine! No problems at all. I am sure it is not the Zyxel router that is wrong, but when I put a normal cable router with the same configuration in place of the Cisco PIX, it works.

Anyone any idea...??? Or do I need to bridge the connection to give the PIX a public IP...? I prefer not to do that, because of the more illogical network configuration...
Sincerely, Michiel
Config:

Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ************
passwd ************ encrypted
hostname firewall
domain-name test.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.68.1 PC1
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in remark UDP - DNS
access-list outside_access_in permit udp any any eq domain
access-list outside_access_in remark TCP - DNS
access-list outside_access_in permit tcp any any eq domain
access-list outside_access_in remark TCP - FTP Data
access-list outside_access_in permit tcp any any eq ftp-data
access-list outside_access_in remark TCP - FTP
access-list outside_access_in permit tcp any any eq ftp
access-list outside_access_in remark TCP - HTTP
access-list outside_access_in permit tcp any any eq www
access-list outside_access_in remark TCP - HTTPS
access-list outside_access_in permit tcp any any eq https
access-list outside_access_in remark TCP - SMTP
access-list outside_access_in permit tcp any any eq smtp
access-list outside_access_in remark TCP - RDP
access-list outside_access_in permit tcp any any eq 3389
access-list outside_access_in remark TCP - Webbased / Remote Admin
access-list outside_access_in permit tcp any any range 7698 7704
access-list outside_access_in remark IP - GRE
access-list outside_access_in permit tcp any any eq pptp
access-list outside_access_in remark TCP - PPTP
access-list outside_access_in permit gre any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 192.168.168.2 255.255.255.252
ip address inside 192.168.68.8 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location PC1 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.68.0 255.255.255.0 0 0
static (inside,outside) tcp interface pptp PC1 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7700 PC1 7700 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7701 PC1 7701 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7699 PC1 7699 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp PC1 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www PC1 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface domain PC1 domain netmask 255.255.255.255 0 0
static (inside,outside) udp interface domain PC1 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp PC1 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp-data PC1 ftp-data netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https PC1 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 PC1 3389 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.168.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.68.0 255.255.255.0 inside
floodguard enable
telnet 192.168.68.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
: end
[OK]
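
A consistency check for a config like the one posted above, as an added example that is not part of the original post: it compares the TCP/UDP ports permitted by `outside_access_in` with the ports that actually have a `static` port-forward, and reports mismatches in either direction. The function names and the `PORT_NAMES` table are assumptions of this example; it does not diagnose the connectivity problem described in the post.

```python
import re

# PIX port keywords that appear in the posted config. An unknown keyword
# raises KeyError/ValueError, so extend this table for other configs.
PORT_NAMES = {"domain": 53, "ftp-data": 20, "ftp": 21, "www": 80,
              "https": 443, "smtp": 25, "pptp": 1723}

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

# Only "any any" TCP/UDP permits are handled; icmp and gre lines carry no port.
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any any "
                    r"(?:eq (\S+)|range (\S+) (\S+))$")
STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) interface (\S+) ")

def audit(config, acl="outside_access_in"):
    """Return (permitted_not_forwarded, forwarded_not_permitted) as sorted
    lists of (protocol, port) for the ACL bound to the outside interface."""
    permitted, forwarded = set(), set()
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m and m.group(1) == acl:
            proto, eq, lo, hi = m.group(2, 3, 4, 5)
            lo, hi = (port(eq), port(eq)) if eq else (port(lo), port(hi))
            permitted.update((proto, p) for p in range(lo, hi + 1))
            continue
        m = STATIC_RE.match(line)
        if m:
            forwarded.add((m.group(1), port(m.group(2))))
    return sorted(permitted - forwarded), sorted(forwarded - permitted)

# Excerpt of the config from the post (a subset of its lines, unmodified).
SAMPLE = """\
access-list outside_access_in permit tcp any any eq www
access-list outside_access_in permit tcp any any range 7698 7704
access-list outside_access_in permit tcp any any eq pptp
access-list outside_access_in permit gre any any
static (inside,outside) tcp interface pptp PC1 pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7700 PC1 7700 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7701 PC1 7701 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 7699 PC1 7699 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www PC1 www netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    extra, missing = audit(SAMPLE)
    print("permitted by ACL, no static:", extra)
    print("static present, not permitted:", missing)
```

On this excerpt the ACL range 7698-7704 is wider than the three ports that are forwarded, so the rule can be narrowed to the ports actually in use.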