https://community.cisco.com/t5/network-security/pix/m-p/1306762#M858361 <P>PIX-501</P><P>PIX Firewall Version 6.3(4)</P><P>PIX Device Manager Version (3.0(2)</P><P></P><P>Here's what I want to accomplish...</P><P></P><P>Internal network = 192.168.1.0</P><P>Remote network = 12.34.56.0</P><P></P><P>Need remote machine (12.34.56.78) to connect through PIX to local machine (192.168.1.1). Remote network is directly connected to PIX via Cat-5.</P><P></P><P>How do I configure the PIX to allow this?</P><P></P><P>Thanx.</P> Mon, 11 Mar 2019 15:59:30 GMT david 2019-03-11T15:59:30Z https://community.cisco.com/t5/network-security/pix/m-p/1306762#M858361 <P>PIX-501</P><P>PIX Firewall Version 6.3(4)</P><P>PIX Device Manager Version (3.0(2)</P><P></P><P>Here's what I want to accomplish...</P><P></P><P>Internal network = 192.168.1.0</P><P>Remote network = 12.34.56.0</P><P></P><P>Need remote machine (12.34.56.78) to connect through PIX to local machine (192.168.1.1). Remote network is directly connected to PIX via Cat-5.</P><P></P><P>How do I configure the PIX to allow this?</P><P></P><P>Thanx.</P> Mon, 11 Mar 2019 15:59:30 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306762#M858361 david 2019-03-11T15:59:30Z https://community.cisco.com/t5/network-security/pix/m-p/1306763#M858363 <HTML><HEAD></HEAD><BODY><P>Create a static-</P><P></P><P>static (inside,outside) [outside ip] 192.168.1.1 netmask 255.255.255.255</P><P></P><P>Then add an entry in your ACL to allow the ports in.</P><P></P><P>access-list outside_access permit tcp host 12.34.56.78 host [outside ip] eq 80</P><P></P><P>The [outside ip] should be in the same subnet as your outside interface (I believe it's 12.34.56.x).</P><P></P><P>Hope that helps.</P></BODY></HTML> Mon, 27 Jul 2009 18:24:36 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306763#M858363 Collin Clark 2009-07-27T18:24:36Z https://community.cisco.com/t5/network-security/pix/m-p/1306764#M858365 <HTML><HEAD></HEAD><BODY><P>Hmm...must be missing something. I've attached my config. Thanx.</P><P></P><P> </P><P></P></BODY></HTML> Mon, 27 Jul 2009 18:44:16 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306764#M858365 david 2009-07-27T18:44:16Z https://community.cisco.com/t5/network-security/pix/m-p/1306765#M858368 <HTML><HEAD></HEAD><BODY><P>Looks good. Sometimes you have to do a clear xlate before it will work. Note that a clear xlate will clear all NAT translations! Also check the hit counts on the ACL.</P></BODY></HTML> Mon, 27 Jul 2009 18:51:04 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306765#M858368 Collin Clark 2009-07-27T18:51:04Z https://community.cisco.com/t5/network-security/pix/m-p/1306766#M858371 <HTML><HEAD></HEAD><BODY><P>Yeah, I've completely cleared and reloaded the config, but it is still not working. the client from the remote network, 10.20.30.40 cannot connect to the client on the local network 192.168.1.1. The remote network is directly connected to the PIX via CAT5 run. Thanx again.</P></BODY></HTML> Mon, 27 Jul 2009 18:52:52 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306766#M858371 david 2009-07-27T18:52:52Z https://community.cisco.com/t5/network-security/pix/m-p/1306767#M858373 <HTML><HEAD></HEAD><BODY><P>Can you throw a little diagram together w/IP's (hide any public)? I thought the client was local on the outside interface? Any hits on the ACL?</P></BODY></HTML> Mon, 27 Jul 2009 18:55:42 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306767#M858373 Collin Clark 2009-07-27T18:55:42Z https://community.cisco.com/t5/network-security/pix/m-p/1306768#M858374 <HTML><HEAD></HEAD><BODY><P>Take a look at the attached image. I tried to make it as accurate as possible. The rules on the PIX allow all traffic from the 10.20.30.0 network. The rules on the 2600 only allow traffic from the 10.20.30.0 network through, one-way, toward the 192.168.1.0 network. I'm open to suggestions. This configuration worked perfectly for a number of years until the week before last. Thanx.</P><P></P><P> </P><P></P></BODY></HTML> Mon, 27 Jul 2009 20:12:31 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306768#M858374 david 2009-07-27T20:12:31Z https://community.cisco.com/t5/network-security/pix/m-p/1306769#M858375 <HTML><HEAD></HEAD><BODY><P>What changed in the past two weeks that you know of? In the 2600 do you see traffic come through? Any hist on the ACL on the PIX/ASA?</P></BODY></HTML> Mon, 27 Jul 2009 20:22:08 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306769#M858375 Collin Clark 2009-07-27T20:22:08Z https://community.cisco.com/t5/network-security/pix/m-p/1306770#M858376 <HTML><HEAD></HEAD><BODY><P>I am unaware of any changes in the last two weeks. Unfortunately, I have to wait to access the 2600 as I'm not on site and have forgotten the IP address. No history on the PIX.</P></BODY></HTML> Mon, 27 Jul 2009 20:23:36 GMT https://community.cisco.com/t5/network-security/pix/m-p/1306770#M858376 david 2009-07-27T20:23:36Z