Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
2
Replies

PIX Expert pls come

morganstanleylau
Level 1
Level 1

‎03-03-2005 06:01 AM - edited ‎02-20-2020 11:59 PM

Hi all ,

I have the problem about PIX 515e and my running config as below:

access-list inside deny tcp host 172.16.1.29 any eq domain

access-list inside deny udp host 172.16.1.29 any eq domain

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq domain

access-list inside permit udp 172.16.1.0 255.255.255.224 any eq domain

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq smtp

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq www

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq https

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq ftp

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq pop3

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq imap4

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq nntp

access-list inside permit tcp 172.16.1.0 255.255.255.224 any eq telnet

global (outside) 1 A.A.A.A

nat (inside) 1 172.16.1.0 255.255.255.224 0 0

nat (DMZ) 1 172.16.2.0 255.255.255.240 0 0

static (inside,outside) B.B.B.B 172.16.1.29 netmask 255.255.255.255 0 0

static (inside,DMZ) 172.16.1.0 172.16.1.0 netmask 255.255.255.224 0 0

static (DMZ,inside) 172.16.2.0 172.16.2.0 netmask 255.255.255.240 0 0

static (inside,outside) C.C.C.C 172.16.1.2 netmask 255.255.255.255 0 0

static (inside,outside) D.D.D.D 172.16.1.3 netmask 255.255.255.255 0 0

access-group outside in interface outside

access-group inside in interface inside

route outside 0.0.0.0 0.0.0.0 E.E.E.E 1

Ip address 172.16.1.29 using 172.16.1.2 (DNS Server) connect internet

Ip address 172.16.1.2 (DNS server) using ISP DNS can connect internet

But in 172.16.1.3 client can't connect internet , while using internal DNS or ISP DNS ,pls advise ?

Stanley

0 Helpful
2 Replies 2

scoclayton
Level 7
Level 7

‎03-03-2005 07:33 AM

Config looks fine. What does a 'sh local-host 172.16.1.3' show you?

Scott

0 Helpful

morganstanleylau
Level 1
Level 1
In response to scoclayton

‎03-03-2005 07:09 PM

Interface inside: 3 active, 3 maximum active, 0 denied

local host: <172.16.1.3>,

TCP connection count/limit = 0/unlimited

TCP embryonic count = 0

TCP intercept watermark = unlimited

UDP connection count/limit = 3/unlimited

AAA:

Xlate(s):

Global A.A.A.A Local 172.16.1.3

Conn(s):

UDP out 192.175.48.1:53 in 172.16.1.3:3146 idle 0:00:31 flags -

UDP out 192.175.48.6:53 in 172.16.1.3:3148 idle 0:00:22 flags -

UDP out 192.175.48.42:53 in 172.16.1.3:3149 idle 0:00:05 flags -

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card