Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
0
Helpful
1
Replies

PIX 515 NAT Issue (or could be access list...)

waynewright
Level 1
Level 1

‎01-24-2003 08:35 PM - edited ‎02-20-2020 10:31 PM

Looked at this too many times, can't see what I'm missing...Incoming mail and web working fine, can't get anything out. Info loggin show lots of UDP DNS traffic do I need to open port 53 or something?...

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security10

access-list acl_in permit tcp any host X.X.X.171 eq www

access-list acl_in permit tcp any host X.X.X.171 eq smtp

interface ethernet0 10baset

interface ethernet1 100basetx

interface ethernet2 auto shutdown

ip address outside X.X.X.170 255.255.255.248

ip address inside W.W.W.1 255.255.255.0

ip address intf2 127.0.0.1 255.255.255.255

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) X.X.X.171 W.W.W.4 netmask 255.255.255.255 0 0

access-group acl_in in interface outside

route outside 0.0.0.0 0.0.0.0 X.X.X.169 1

0 Helpful
1 Reply 1

tvanginneken
Level 4
Level 4

‎01-25-2003 08:48 AM

Hi,

could you try pinging www.cisco.com. You will no receive any reply packet (pix blocks) but you should check if 'www.cisco.com' is resolved to an IP address. If it is not resolved to an IP address, then there may be a problem with the configured DNS servers on the pc's and servers.

Instead of pinging, you could try nslookup (on a computer behind the pix) to see if you can reach your DNS servers.

Your config, as it is right now, should allow all outbound traffic.

Kind Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card