Problem with Pix 515

franspain · ‎09-22-2004

I have a network where I include two nas routers and one pix 515. The routers have external ip addresses and provide access and external ip addresses to the users who connect. The pix is configured to secure all the servers as mail, web, ftp...

My problem is that the users who connect to the nas can see all internet hosts but can't see the external ip addresses configured in the pix. So they can't access to our services...

Any idea, please?

Thank you

paddyxdoyle · ‎09-22-2004

Hi,

Have you got static's set up for each of your internal servers?

Have you got an access-list bound to your outside interface permitting http, web, ftp etc to your servers?

What are you seeing in the log files?

Rgds

Paddy

franspain · ‎09-22-2004

Yes, I have a static translation to each server using static and pat. This is working properly if I access to the servers from a different network, but if I access to the server from any of the external ip addresses of my range ( the ip that I assign to the nas users ) the addresses are unreachable.

If I ping the servers from the nas, there is no problem, but if I ping from a host connected to the nas using an given ip, it is unreachable.

perhaps a ip route problem in the nas servers? perhaps a network mask wrong in the nas or pix?

any idea?

thanks

paddyxdoyle · ‎09-22-2004

Sounds like a routing issue.

Have you got a route on the PIX pointing to your external hosts network range via the internal address of your NAS.

What happens when you trace to the PIX from your external clients?

Do a trace to the PIX and check the log on the PIX or use the capture command to see if you traffic is reaching it and not being routed back.

Rgds

Paddy