03-04-2005 08:42 AM - edited 02-20-2020 11:59 PM
I'm trying to use a 515E to replace a Symantec VPN/FW that uses a single public address for the following:
1) Internet for internal users
2) 3 Site-to-Site VPNs
3) PPTP port 1723 (forwards to internal address 192.168.1.20)
4) SMTP port 25 (forwards to internal address 192.168.1.110)
5) WTS port 3389 (forwards to internal address 192.168.1.5)
6) Web port 80 (forwards to internal server 192.168.1.6)
I was able to get the PIX to handle Internet and the Site-to-Site VPNs, but when I tried to set up SMTP, PPOE, etc. it would knock down the VPNs.
Any suggestions? Can the PIX do all of this through one outside interface?
Thanks
03-10-2005 12:13 PM
Check your conduit permits or ACLs for proper entries.
03-10-2005 01:54 PM
This works fine, I have configured that in multiple places.
Example for port redirection:
http server is: 192.168.1.10
ip address outside YOUR-PUB-IP 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
access-list acl_out permit tcp any interface outside eq http
access-group acl_out in interface outside
static (inside,outside) tcp interface http 192.168.1.10 http netmask 255.255.255.255 0 0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 Gateway 1
When you change the NAT/PAT settings you have to do a
CLEAR XLATE, and this will reset all connections.
Please post your config so that I can see what's wrong in your config!
sincerely
Patrick
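The port-redirection pattern from the reply above, extended to the four services listed in the question. This is an added example, not part of either poster's configuration. It assumes the same PIX 6.x syntax used in the reply; YOUR-PUB-IP and Gateway are the reply's placeholders, and the inside hosts and ports are those given in the question.

```cisco
: Added example. Inside hosts and ports are taken from the original question.
ip address outside YOUR-PUB-IP 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0

: One ACL entry per published port, matched against the outside interface address.
: Where the remote sources are known (for example for 3389), replace "any"
: with those source addresses.
access-list acl_out permit tcp any interface outside eq 1723
access-list acl_out permit tcp any interface outside eq smtp
access-list acl_out permit tcp any interface outside eq 3389
access-list acl_out permit tcp any interface outside eq http
access-group acl_out in interface outside

: One static per service. Each entry names "tcp" and a port, so it redirects
: only that TCP port of the interface address to the inside host.
static (inside,outside) tcp interface 1723 192.168.1.20 1723 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.110 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.1.5 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface http 192.168.1.6 http netmask 255.255.255.255 0 0

: Outbound PAT for internal users on the same interface address.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 Gateway 1

: Run after any change to NAT/PAT; this resets all existing connections.
clear xlate
```

PPTP carries its tunnel data in GRE (IP protocol 47); the TCP 1723 entries above cover only the PPTP control channel.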