06-08-2009 02:23 AM - edited 03-11-2019 08:40 AM
I have been asked to put a PIX 501 between our LAN and a database server (on the same LAN) to allow access to certain ports.
I have configured it with two test PCs and set up a rule to allow RDP but I cannot get access.
I have attached the running config and a basic diagram of the test setup. If someone could tell me where I am going wrong I would be grateful.
06-08-2009 03:03 AM
James
I can't view the diagram (perhaps post as .jpg/.png) but from the config I am confused.
Your 2 PCs are
name 192.168.1.52 TestPC
name 192.168.1.2 TestPC2
your pix interfaces are
ip address outside 192.168.0.1 255.255.255.0
ip address inside 192.168.1.144 255.255.255.0
so both your PCs are on the same network, i.e. 192.168.1.x. So they will not go through the PIX to communicate with each other. If you have physically set it up so one PC is connected to the outside of the PIX and the other to the inside then this will never work with your current setup.
You have applied this ACL to your outside interface -
access-list outside_access_in permit tcp host TestPC2 host TestPC eq 3389
but TESTPC2 is not in the 192.168.0.x network that the outside interface is in.
Perhaps you could clarify the layout, i.e. post a .jpg/.png and the IP address of TESTPC2?
Jon
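Jon's point about the two interface subnets, as an added example that is not part of the original thread: a small Python check over the config lines he quotes. The function names and the `bound_to` mapping are assumptions for illustration, and the second check assumes directly attached hosts with no routers in between.

```python
import ipaddress

# Config lines quoted in the post above.
CONFIG = """\
name 192.168.1.52 TestPC
name 192.168.1.2 TestPC2
ip address outside 192.168.0.1 255.255.255.0
ip address inside 192.168.1.144 255.255.255.0
access-list outside_access_in permit tcp host TestPC2 host TestPC eq 3389
"""

def parse(config):
    """Collect name aliases, interface networks and host-to-host ACL entries."""
    names, nets, acls = {}, {}, []
    for line in config.splitlines():
        f = line.split()
        if f[:1] == ["name"] and len(f) == 3:
            names[f[2]] = f[1]
        elif f[:2] == ["ip", "address"] and len(f) == 5:
            nets[f[2]] = ipaddress.ip_interface(f"{f[3]}/{f[4]}").network
        elif f[:1] == ["access-list"] and f.count("host") == 2:
            i = f.index("host")
            j = f.index("host", i + 1)
            acls.append((f[1], f[i + 1], f[j + 1]))
    return names, nets, acls

def audit(config, bound_to):
    """bound_to (hypothetical helper input) maps ACL name -> interface it is applied to."""
    names, nets, acls = parse(config)
    findings = []
    for acl, src, dst in acls:
        s = ipaddress.ip_address(names.get(src, src))
        d = ipaddress.ip_address(names.get(dst, dst))
        for ifname, net in nets.items():
            if s in net and d in net:
                findings.append(f"{acl}: {src} and {dst} are both in {net} ({ifname}); "
                                "they talk directly and never cross the firewall")
        # Assumes directly attached hosts (no routers), as in this test setup.
        iface = bound_to.get(acl)
        if iface in nets and s not in nets[iface]:
            findings.append(f"{acl}: source {src} ({s}) is not in {nets[iface]}, "
                            f"the network of interface {iface}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, {"outside_access_in": "outside"}):
        print(finding)
```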
06-08-2009 04:01 AM
Hi Jon,
Thanks for the quick reply,
I had to assign the 192.168.1.0.1 to outside interface as the outside and inside interface cannot have an address in the same IP range.
To complete the test I need to have 192.168.1.2 connect to 192.168.1.152 via the firewall using an ACL rule.
Thanks.
06-08-2009 04:04 AM
06-25-2009 12:51 AM
Hi Jon,
Forgetting the info from my test, can you see any way to firewall traffic from the LAN to the DB server also on the same LAN using the PIX 501?