PIX 515E and access-list problem

Hello all

I'm newbie in using PIX firewalls. It is a 515E and the software is 6.3

I have a server in a DMZ with an application (server1). Today, this server accesses an inside server (server2) with http.

I have an access-list for this rule wich works fine : access-list acl-dmz line 2 permit tcp host server1 host server2 eq www (hitcnt=63)

I want to redirect this http application from server2 to server3, a new one which is inside.

So I added the same rule for this server : access-list acl-dmz line 20 permit tcp host server1 host server3 eq www (hitcnt=0)

But I still cant access server3 from server1 with an ftp on port 80.

In the logs, I have :

106023: Deny tcp src dmz:server1/1457 dst inside:server3/80 by access-group "acl-dmz"

Can someone tell me why the rule is not applied and how I can make it works.



Reply to
Loading thread data ...

We would need to see the rest of the access-list acl-dmz.

You my have a line between line 2 and 20 that denies the traffic before it reach line 20.

Try to move line 20 to line 3

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.