Hi all,
I have a Cisco PIX 501 firewall OS ver 6.3.5 - the configuration is simple. I have one webserver and 2 clients behind the inside interface. For my webserver I assigned a static outside inside command so I can allow www access coming into it on the outside interface (this works by the way). My clients are accessing the Internet via PAT using the global (outside) 1 interface nat (inside) 1 10.1.1.0 255.255.255 commands (this works well too). The problem though is as follows:
From my webserver I can ping and resolve websites like
Thanks - Jamie
PIX# sh run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxx encrypted
hostname PIX
domain-name somethingnet.org
clock timezone GMT/BDT 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit tcp any host A.B.C.D eq www
access-list outside_access_in permit tcp any host A.B.C.D eq 3395
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any echo
access-list outside_access_in permit icmp any any source-quench
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside X.Y.Z.W 255.255.255.248
ip address inside 10.1.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.1.1.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
static (inside,outside) A.B.C.D 10.1.1.2 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 E.F.G.H 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 10
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:c80d27094430147d0a4b880c90e62422
: end