PIX NAT Troubleshooting Assistance

Basically, a client has a PIX 516, which I'm trying to replace with a PIX 506e, simply because the 516 keeps going down and they have a spare 506e to use.

The config for the 506e is attached below...

The public ip information provided is:
Subnet id: 72.16.200.16
Mask: 255.255.255.240
Default gateway: 72.16.200.17
Range is 72.16.200.17 to 72.16.200.30

Currently, this is the public ip assignment:
.17 default gateway
.19 outside port of the PIX 516
.21 a spam firewall (just serves as the MX, then forwards to the .19, which currently translates to 192.168.10.10 via PAT on the 516)
.28 attempting to use for 1-to-1 NAT for 2003 server, internal address 192.168.10.10
.29 outside port of the PIX 506e
.30 3rd party server

Right now I'm just trying to get any traffic to flow from 72.16.200.28 to 192.168.10.10. I'm not sure if there is some issue with having 2 PIX's running like this. I was hoping I could get the new one running without taking down the old one, then switch over services at my convenience.

Just enabling and testing with pings, I get no replies. If I do "debug icmp trace", I do receive this message, which seems to indicate my pings are at least hitting the router, but it seems like they're not reaching the server:

HOSTNAME # 55: ICMP echo-request from outside:67.190.51.4 to WEB-External ID=60036 seq=27648 length=40
56: ICMP echo-request: untranslating outside:WEB-External to inside:WEB-Internal

Any ideas?

=========== 506e config =====================
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname HOSTNAME
domain-name DOMAINNAME
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.10.10 WEB-Internal
name 72.16.200.28 WEB-External
access-list outside_access_in permit icmp any any
pager lines 24
logging on
logging monitor debugging
logging trap debugging
mtu outside 1500
mtu inside 1500
ip address outside 72.16.200.29 255.255.255.240
ip address inside 192.168.10.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location WEB-Internal 255.255.255.255 inside
pdm location WEB-External 255.255.255.255 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) WEB-External WEB-Internal netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 72.16.200.17 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.10.3-192.168.10.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Ken

Firstly, there is no such thing as a Pix 516. I presume that you mean a 515?

If I understand you correctly, you have put this 506E in parallel with the existing 515. Are the IP addresses the same on both boxes? i.e. is the inside interface on the 506 the same as the 515? Are they different? Does the server on 192.168.10.10 have its default gw via the 515 still or the 506?

Chris.

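One way to read the "debug icmp trace" output from Ken's post in light of Chris's default-gateway question, as an added example that is not part of either post: pair each echo-request with its echo-reply by ID/seq and flag requests that were untranslated to the inside but never came back through this PIX. The two request lines 55/56 are from the thread; the reply lines and the second request are constructed sample input that follow the same PIX 6.3 trace format.

```python
import re

# Constructed `debug icmp trace` sample. Lines 55 and 56 are quoted from the
# thread; 57-60 are made up for the example to show what an answered ping
# looks like on the same firewall. ID and seq identify one echo exchange.
TRACE = """\
55: ICMP echo-request from outside:67.190.51.4 to WEB-External ID=60036 seq=27648 length=40
56: ICMP echo-request: untranslating outside:WEB-External to inside:WEB-Internal
57: ICMP echo-request from outside:67.190.51.4 to WEB-External ID=60036 seq=27904 length=40
58: ICMP echo-request: untranslating outside:WEB-External to inside:WEB-Internal
59: ICMP echo-reply from inside:WEB-Internal to 67.190.51.4 ID=60036 seq=27904 length=40
60: ICMP echo-reply: translating inside:WEB-Internal to outside:WEB-External
"""

# A packet line: direction, endpoints and the ID/seq pair.
PKT_RE = re.compile(
    r"ICMP (?P<type>echo-request|echo-reply) from (?P<src>\S+) to (?P<dst>\S+) "
    r"ID=(?P<id>\d+) seq=(?P<seq>\d+)"
)
# A translation line that follows the packet it applies to.
XLATE_RE = re.compile(r"ICMP (?P<type>echo-request|echo-reply): (?P<how>untranslating|translating) ")

def analyze(trace):
    """Map (id, seq) -> state for every echo-request seen on the outside.
    'not-translated': request hit the outside interface but no static/xlate matched it
    'unanswered':     request was untranslated to the inside host, no reply came back
    'answered':       the inside host's reply reached this PIX and was translated out"""
    exchanges = {}
    last = None  # (key, type) of the most recent packet line
    for line in trace.splitlines():
        m = PKT_RE.search(line)
        if m:
            key = (int(m["id"]), int(m["seq"]))
            if m["type"] == "echo-request":
                exchanges[key] = "not-translated"
            elif key in exchanges:
                exchanges[key] = "answered"
            last = (key, m["type"])
            continue
        x = XLATE_RE.search(line)
        if x and last and x["type"] == last[1] == "echo-request":
            exchanges[last[0]] = "unanswered"  # inbound xlate worked; now waiting on the host
    return exchanges

def unanswered(trace):
    """Requests that reached the inside host but whose reply never transited this PIX."""
    return [k for k, v in analyze(trace).items() if v == "unanswered"]

if __name__ == "__main__":
    for key, state in analyze(TRACE).items():
        print(f"ID={key[0]} seq={key[1]}: {state}")
```

An "unanswered" exchange means the static and the ICMP access-list did their job and the request went inside, so the missing piece is the return path: the reply is leaving through some other device, which is exactly the case if the server's default gateway is still the older PIX.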

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.