08-11-2007 02:02 PM - edited 03-11-2019 03:56 AM
Greetings
Attached is my sample network security setup. My network is actually a closed network which is not connected to the outside world, but we are attached to a number of untrusted networks, and my requirement is to provide connectivity based on host-to-host communication.
In this regard I am facing the problem with the PIX Firewall.
If I issue the command
access-list 101 extended permit tcp host 192.168.100.1 host 172.16.2.29 eq 6002
(I am using 172.16.2.29 as the static NAT address for the 192.168.100.1 address)
then the communication does not go through the firewall, but if I issue the command
access-list 101 extended permit tcp any host 172.16.2.29 eq 6002
then everything works fine and communication is done without any issue.
The PIX Firewall version I am using is 7.1(1).
Please keep in mind that I have used only one as a sample; the same applies to the other untrusted hosts. I am facing the same problem.
Thanks in advance for the answer.
Mansoor
08-11-2007 05:42 PM
Since you are static NATting, you need to allow traffic to the pre-NAT'd IP (the host visible to other hosts).
What is the source address of the host that will initiate the traffic to 172.16.2.29 on port 6002?
08-12-2007 01:44 AM
The source address that will always initiate the traffic for 172.16.2.29 is 172.16.2.22.
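As an added illustration, not code from the thread or from Cisco: a small Python model of how an outside-interface access list on PIX 7.x is matched against the session described above. It assumes what the last reply states, that 172.16.2.22 is the host initiating the connection, and that the ACL applied on the outside interface is checked against the mapped (static NAT) destination 172.16.2.29 before untranslation, so the real address 192.168.100.1 never appears in the packet the ACL inspects. The scoped entry `host 172.16.2.22` is an assumed least-privilege form for comparison, not something posted in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """A TCP/UDP packet as it arrives on the outside interface (mapped destination)."""
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Ace:
    """One parsed 'access-list ... extended' entry."""
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None means any destination port
    text: str

def _parse_addr(tokens, i):
    """Parse one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D M.M.M.M'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_ace(line):
    """Parse the subset of PIX syntax used in the thread:
    access-list <name> extended <permit|deny> <proto> <src> <dst> [eq <port>]"""
    tokens = line.split()
    if tokens[:1] != ["access-list"] or tokens[2] != "extended":
        raise ValueError(f"unsupported ACE syntax: {line}")
    action, proto = tokens[3], tokens[4]
    src, i = _parse_addr(tokens, 5)
    dst, i = _parse_addr(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = int(tokens[i + 1])
    return Ace(action, proto, src, dst, dport, line)

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match falls through to the implicit deny
    at the end of every access list. Returns (action, matched_line_or_None)."""
    src_ip = ipaddress.ip_address(pkt.src)
    dst_ip = ipaddress.ip_address(pkt.dst)
    for ace in map(parse_ace, acl_lines):
        if ace.proto not in ("ip", pkt.proto):
            continue
        if src_ip not in ace.src or dst_ip not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, ace.text
    return "deny", None

# Constructed sample session from the thread: the untrusted host 172.16.2.22 opens a
# TCP connection to 172.16.2.29, the static NAT address of 192.168.100.1. The outside
# ACL sees the mapped destination, so 192.168.100.1 is never a source or destination here.
SESSION = Packet(src="172.16.2.22", dst="172.16.2.29", proto="tcp", dport=6002)

# The two entries from the original post.
ACL_AS_POSTED = ["access-list 101 extended permit tcp host 192.168.100.1 host 172.16.2.29 eq 6002"]
ACL_ANY = ["access-list 101 extended permit tcp any host 172.16.2.29 eq 6002"]
# Assumed least-privilege form (not from the thread): permit only the real initiator.
ACL_SCOPED = ["access-list 101 extended permit tcp host 172.16.2.22 host 172.16.2.29 eq 6002"]

if __name__ == "__main__":
    for name, acl in [("as posted", ACL_AS_POSTED), ("any", ACL_ANY), ("scoped", ACL_SCOPED)]:
        print(f"{name:10s} -> {evaluate(acl, SESSION)}")
```

Running it shows why the posted entry falls through to the implicit deny (its source, 192.168.100.1, is the inside host rather than the outside initiator), why `any` works, and that the scoped entry permits the same session while still dropping connections from any other outside address or to any other port.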