PIX Setup Question

agoodwin
Level 1

Hi,

Is there anything wrong with this setup? I have two legal IP addresses, one for the router and one for the external interface of the PIX. I need to have a nat 1 command for the entire internal network (this is not used yet but is set up). I need a static for the mail/www server, "static (inside,outside) interface 10.0.0.2" so to speak. I need to allow in www, 443 and 25 to this interface. I also need to allow Microsoft VPN and Cisco VPN. I have realised that I cannot create the above static as it stops the VPN from working, so I have created 3 "static (inside,outside) interface 25 10.0.0.2 25" commands and then bound the access-list to the external interface. It all works, but I am finding that internet on the desktops (that is, via the proxy server 10.0.0.2) seems to hang every now and again - you can browse into a web page to about 4 layers and then nothing happens. If you close and reopen IE it works fine again.

I'm pretty sure the clients are OK, as this setup was just a static for the 10.0.0.2 machine (no VPN, NAT and inbound ports) before and all worked fine.

I would appreciate any ideas anyone has.

Thanks for your time

Andy.

2 Replies

mostiguy
Level 6

Static forwarding should not stop the VPN from working. What precisely is the static command you are trying to use?

It sounds like the proxy server might have a problem, or perhaps your bandwidth utilization is high. PIXen really don't get involved in HTTP traffic unless you have Websense/N2H2 filtering enabled, or have Java/ActiveX blocking. Have you checked your connection counts on the PIX? What model do you have? How many users use the proxy server?

I have:

nat (inside) 1 10.0.0.0 255.255.0.0
global (outside) 1 interface
static (inside,outside) tcp 1.1.1.1 25 10.0.0.2 25
static (inside,outside) tcp 1.1.1.1 80 10.0.0.2 80
static (inside,outside) tcp 1.1.1.1 443 10.0.0.2 443
access-list 101 permit tcp any host 1.1.1.1 eq smtp
access-list 101 permit tcp any host 1.1.1.1 eq http
access-list 101 permit tcp any host 1.1.1.1 eq 443
access-group 101 in interface outside

plus settings to allow pptp and cisco client to connect on 1.1.1.1

It all works, including the VPN (apologies if I have written it down wrong, as it's from the top of my head, but you get the idea). I was just wondering whether there was something strange happening with the nat command, maybe?

The problem is just that www browsing appears to time out or something?

Thanks for your reply,

cheers

Andy
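As an added example (not from the thread or from Cisco), here is a small Python audit that cross-checks the port statics against the access-list permits the way a reviewer would when reading a config like the one posted above: every port static should have a matching permit on the outside access-group, and every permit to the outside address should have a static behind it, otherwise the hole is either dead or wider than intended. The config string is a constructed copy of the posted lines with the `tcp` keyword that PIX port statics require; the service-name table is a small assumed subset.

```python
import re

# Constructed copy of the PIX config fragment from the thread (not the author's running config).
PIX_CONFIG = """
nat (inside) 1 10.0.0.0 255.255.0.0
global (outside) 1 interface
static (inside,outside) tcp 1.1.1.1 25 10.0.0.2 25
static (inside,outside) tcp 1.1.1.1 80 10.0.0.2 80
static (inside,outside) tcp 1.1.1.1 443 10.0.0.2 443
access-list 101 permit tcp any host 1.1.1.1 eq smtp
access-list 101 permit tcp any host 1.1.1.1 eq http
access-list 101 permit tcp any host 1.1.1.1 eq 443
access-group 101 in interface outside
"""

# Subset of the service keywords the PIX accepts in place of numeric ports (assumed list).
PORT_NAMES = {"smtp": 25, "http": 80, "www": 80, "https": 443, "pop3": 110, "pptp": 1723}

# Port static: static (in,out) tcp <ext-ip> <ext-port> <int-ip> <int-port>
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+)")
# Inbound permit: access-list <name> permit tcp any host <ext-ip> eq <port>
ACL_RE = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")


def port_number(token):
    """Map a PIX service keyword or numeric string to an integer port."""
    return PORT_NAMES.get(token) or int(token)


def audit(config):
    """Return statics with no matching permit and permits with no matching static."""
    statics, permits = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            _in, _out, ext_ip, ext_port, _int_ip, _int_port = m.groups()
            statics.add((ext_ip, port_number(ext_port)))
            continue
        m = ACL_RE.match(line)
        if m:
            _name, ext_ip, port = m.groups()
            permits.add((ext_ip, port_number(port)))
    return {
        "static_without_permit": sorted(statics - permits),  # static exists, ACL never lets it in
        "permit_without_static": sorted(permits - statics),  # ACL opens a port nothing translates
    }


if __name__ == "__main__":
    print(audit(PIX_CONFIG))
```

Running it on the posted fragment reports both lists empty; appending a stray permit such as `access-list 101 permit tcp any host 1.1.1.1 eq 3389` shows up under `permit_without_static`.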
