12-02-2003 12:53 AM - edited 02-20-2020 11:07 PM
Hello,
I'm sending part of my PIX configuration (ver 6.3(1)) .Users from Inside the Network (secure ) can't able to access the Internet through PIX where as if they are directly connected to Router byepassing PIX , they can . From PIX , I can able to ping the Router Interface (212.100.211.29 ).We want users located in subnet 192.178.1.0 to be able to browse the Internet through PIX .
ip address outside 212.100.211.30 255.255.255.252
ip address inside 192.178.1.201 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 212.100.211.29
12-02-2003 02:11 AM
Hi
Is this your real IP addresses? First of all, do not reveal your real IP addresses here. It could open your network to more threats.
Other than assigning IP addresses to the interfaces, you should have Address translations (NAT, Static etc) and proper access-lists configured on your PIX Firewall to make it work for you.
If you have already done so, could you post your configuration? (of course by faking your real IP addresses!)
Regards
Anoop K Narayanan
NICBM Kuwait
12-02-2003 03:01 AM
Thanks Anoop .It's a fake address only .Below are the access-list (a.b.c.d is a real IP ).
access-list inside permit tcp any host a.b.c.d eq http
access-list inside permit udp any host a.b.c.d eq http
static (o,i ) 192.178.1.0 a.b.c.d netmask 255.255.255.255
12-02-2003 07:08 AM
Why would you have to apply an ACL to the inside interface to allow outbound http traffic? Isn't all outbound traffic from a higher security interface allowed to a lower security interface?
12-02-2003 07:20 AM
Hi -
Can you pls provide your full pix config either here or ofline to me directly at jmia@ohgroup.co.uk - Pls remember to change passwords and real IPs etc.
Thanks - Jay.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide