01-03-2007 06:51 AM - edited 03-11-2019 02:15 AM
Hi, I am having trouble configuring a 506E firewall which is currently set up in a lab. I think there is a problem with the ACLs or the static routing, but I'm not sure, so here is the config.
thanks
Alex
01-03-2007 07:18 AM
Could you please elaborate as to what you are trying to achieve and where are you facing the problem?
Narayan
01-03-2007 12:12 PM
Sorry, I am trying to allow icmp and www through the firewall to start with. Currently I can ping both interfaces from their sides of the PIX but cannot ping through the PIX.
thanks
Alex
01-03-2007 07:56 AM
Try the modified configuration (attached) - I have included only www and smtp access. By default the PIX will allow all connections outbound (Higher Security Interface to Lower Security Interface) but if you need any services such as smtp/www allowed into your internal network then you'll need an ACL and a static for this process.
Make sure that your MX record is pointing to the correct public IP address which is bound to the outside interface for smtp also for www access.
Also, note - if you only have the one public IP address and this is being used by the outside interface then you can substitute the ACLs and statics as such:
access-list outside_in permit tcp any host 194.74.152.163 eq smtp
access-list outside_in permit tcp any host 194.74.152.163 eq www
access-group outside_in in interface outside
static (inside,outside) tcp interface smtp
static (inside,outside) tcp interface www
After the modifications issue: write mem and also issue clear xlate.
To test for connectivity via the PIX configure the following on the outside interface:
access-list outside_in permit tcp any host 194.74.152.163 eq smtp
access-list outside_in permit tcp any host 194.74.152.163 eq www
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded
access-group outside_in in interface outside
You should take the icmp commands out when you have finished testing.
Again, save with: write mem and also issue: clear xlate
Hope this helps and if you need any further help then let us know.
Please rate posts if it helps!!!
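Added example, not part of the original thread or of any Cisco tooling: a small Python audit of a PIX config for the two points made in the reply above, namely that every inbound TCP permit on the outside ACL needs a complete port-redirection static, and that the ICMP test entries should not be left in place. The inside host 192.168.1.10 and the function name `audit` are assumptions made for illustration, and services are matched by the port keyword exactly as written in the config.

```python
import re

# Constructed sample: ACL lines follow the thread; 192.168.1.10 is a made-up
# inside host, and the www static is deliberately missing.
SAMPLE = """\
access-list outside_in permit tcp any host 194.74.152.163 eq smtp
access-list outside_in permit tcp any host 194.74.152.163 eq www
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded
access-group outside_in in interface outside
static (inside,outside) tcp interface smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
"""

ACE_TCP = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)$")
ACE_ICMP = re.compile(r"^access-list (\S+) permit icmp any any(?: (\S+))?$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
# static (real_if,mapped_if) tcp <global|interface> <global_port> <local_ip> <local_port>
STATIC = re.compile(r"^static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+)")


def audit(config, outside_if="outside"):
    """Return (finding, detail) tuples for ACLs applied inbound on outside_if."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # ACL names actually bound inbound to the outside interface
    bound = {m.group(1) for m in map(GROUP.match, lines)
             if m and m.group(2) == outside_if}
    # Global ports that have a complete port-redirection static
    redirected = {m.group(4) for m in map(STATIC.match, lines)
                  if m and m.group(2) == outside_if}
    findings = []
    for line in lines:
        tcp, icmp = ACE_TCP.match(line), ACE_ICMP.match(line)
        if tcp and tcp.group(1) in bound and tcp.group(3) not in redirected:
            # Permit exists but nothing translates the service to an inside host
            findings.append(("no-static", tcp.group(3)))
        elif icmp and icmp.group(1) in bound:
            # Test-only ICMP entry still present on the outside ACL
            findings.append(("icmp-test-rule", icmp.group(2) or "any"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A static with no inside host and port after the service keyword is treated as incomplete and reported as `no-static`.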