https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185086#M616739 <HTML><HEAD></HEAD><BODY><P>static forwarding should not stop the vpn from working. What precisely is the static command you are trying to use? </P><P></P><P>Is sounds like the proxy server might have a problem, or perhaps your bandwidth utilization is high. PIXen really don't get involved in http traffic unless you have websense/n2h2 filtering enabled, or have java/activex blocking. Have you checked your connection counts on the pix? What model do you have? How many users use the proxy server?</P></BODY></HTML> Mon, 23 Jun 2003 18:30:13 GMT mostiguy 2003-06-23T18:30:13Z https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185085#M616733 <P>Hi,</P><P></P><P>Is there anything wrong with this setup. I have two legal ip addresses. One for the router and one for the external int of the pix. I need to have a nat 1 command for the entire internal network (this is not used yet but is setup). I need a static for the mail/www server "static (inside,outside) interface 10.0.0.2" so to speak. I need to allow in www,443 and 25 to this interface. I also need to allow microsoft vpn and cisco vpn. I have realised that I cannot create the above static as it stops the vpn from working so I have created 3 "static (inside,outside) interface 25 10.0.0.2 25" commands and then bound the access-list to the external interface. It all works but I am finding that internet on the desktops (that is via the proxy server 10.0.0.2) is seeming to hang every now and again - you can browse into a web page to about 4 layers and then nothing happens. If you close and reopen IE it works fine again.</P><P>Im pretty sure the clients are ok as this setup was just a static for the 10.0.0.2 machine (no vpn, nat and inbound ports) before and all worked fine,</P><P></P><P>I would appreciate any idea's anyone has</P><P></P><P>Thanks for your time</P><P></P><P>Andy.</P> Fri, 21 Feb 2020 06:48:54 GMT https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185085#M616733 agoodwin 2020-02-21T06:48:54Z https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185086#M616739 <HTML><HEAD></HEAD><BODY><P>static forwarding should not stop the vpn from working. What precisely is the static command you are trying to use? </P><P></P><P>Is sounds like the proxy server might have a problem, or perhaps your bandwidth utilization is high. PIXen really don't get involved in http traffic unless you have websense/n2h2 filtering enabled, or have java/activex blocking. Have you checked your connection counts on the pix? What model do you have? How many users use the proxy server?</P></BODY></HTML> Mon, 23 Jun 2003 18:30:13 GMT https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185086#M616739 mostiguy 2003-06-23T18:30:13Z https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185087#M616811 <HTML><HEAD></HEAD><BODY><P>I have:</P><P></P><P>nat (inside)1 10.0.0.0 255.255.0.0</P><P>global (outside) 1 interface</P><P>static (inside,outside) 1.1.1.1 25 10.0.0.2 25</P><P>static (inside,outside) 1.1.1.1 80 10.0.0.2 80</P><P>static (inside,outside) 1.1.1.1 443 10.0.0.2 443</P><P>access-list 101 permit tcp any host 1.1.1.1 eq smtp</P><P>access-list 101 permit tcp any host 1.1.1.1 eq http</P><P>access-list 101 permit tcp any host 1.1.1.1 eq 443</P><P>access-group 101 in interface outside</P><P></P><P>plus settings to allow pptp and cisco client to connect on 1.1.1.1</P><P></P><P>It all works including the vpn (apologies if I have written it down wrong as its from the top of my head but you get the idea) I was just wondering whether there was something strange happening with the nat command maybe?</P><P></P><P>The problem is just www browsing appears to timeout or something?</P><P></P><P>Thanks for your reply,</P><P></P><P>cheers</P><P>Andy</P></BODY></HTML> Mon, 23 Jun 2003 20:01:03 GMT https://community.cisco.com/t5/network-security/pix-setup-question/m-p/185087#M616811 agoodwin 2003-06-23T20:01:03Z