Re: PIX access across WAN

andymh · ‎03-24-2006

Using a PIX 515 I've allowed external access on port 1677 to 2 NAT'd servers. One server sits on the same LAN as the PIX, the other sits on another site over an MPLS core.

I can attach externally to the server on the same LAN, but cannot attach to the other. The ACL is fine and permits the traffic but it never gets to the other site. The NATting is all fine with a sh xlate. Not sure where to look next ?

jmia · ‎03-24-2006

Have you got a route added on the pix for your other network (MPLS) i.e.

route inside x.y.z.x mask

Jay

andymh · ‎03-27-2006

Jay,

Yes I have this route on the PIX already.

Andy

aparan · ‎03-27-2006

Hello. Remember that when you use the command "ip address outside pppoe setroute" or similar, you can't add some routes.

I hope this will help you.

trackme · ‎03-30-2006

Is the remote server behind a firewall or a router that doesnt allow inbound connections , check that since that could be also an issue.

also check whether that remote server is able to reached from the local lan itself on the specified port to see the service as i had the same issue some time back.

Since you said the xlate works that means your end is ok since the xlate will form only when you have a proper ACL, route etc and if still not working means some thing which you need to check at the remote end only.

Probably you can check the remote server logs or if there is firewall or router check that logs as well why you are not able to reach from here.

hope this helps