Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
710
Views
0
Helpful
4
Replies

PIX not allowing pass through from outside to inside

gtaylor
Level 1
Level 1

‎12-31-2002 11:10 AM - edited ‎02-20-2020 10:27 PM

I am having an issue with a PIX 515 that I could use some advice with. I have an internal server which needs to be accessible to the internet via HTTP only. I have created an access-list on the outside interface allowing any host to access the external IP I will use. I then have a static from the external address to the internal address. The twist is that my internal network is 10.0.x.x, but the host on the inside that I need to get to from the internet is a 192.192.x.x. I can be on the pix and ping the 192 host, and it can ping the pix. I have added a route inside statemtent on the pix telling the 192.x.x.x network to use the internal router to route to the 192 host. We cannot ping or connect to the 192 host from outside. We have one other machine that is addressed as a 10.0.x.x, and on the inside that we are allowing to be hit from the internet through the pix, and we can hit it fine. My question is whether or not the pix is stopping us from reaching the 192 host because it is not the same as the inside interface, which is a 10.0.x.x? Also, our DMZ interface is 192.168x.x, so could it be possible that the pix is seeing this host as being on the dmz? I'm not sure if this would be a factor, since our subnet masks are correct. Would anyone have any ideas on this or come accross a similar situation? Thanks for your help.

0 Helpful
4 Replies 4

ajagadee
Cisco Employee
Cisco Employee

‎12-31-2002 02:52 PM

Hi,

What is the default gateway of the 192.192.x.x address.

If I am a user on the internet trying to access your web server, my source will be any routable ip address and the 192 should know that it has to send the packet back to the pix for me to get a response.

Regards,

Arul

0 Helpful

tvanginneken
Level 4
Level 4

‎01-01-2003 09:29 AM

Hi,

is it possible to post the config (!!remove public addresses and passwords!!)

At first glace your actions seem right.

Kind Regards,

Tom

0 Helpful

p-hogan
Level 1
Level 1

‎01-03-2003 03:34 AM

i think you may need a two translations:

1- On PIX - from outside to inside (xxx to 10.0)

2 - On router - from inside to other (10.0 to 192.192)

or move the server to the 10.0 network

0 Helpful

gtaylor
Level 1
Level 1
In response to p-hogan

‎01-03-2003 08:34 AM

Thanks for all the responses. We have moved the server to the 10.0.x.x, which is what it should be anyway and it worked right away.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card