Re: Qst about Cisco PIX 515E With Cisco PIX Security Appliance S - Page 2

ozaanil72 · ‎04-09-2010

Hi,

I have Cisco PIX 515E With Cisco PIX Security Appliance Software Version 7.0(6).

We are using three interfaces. One outside, second WEB(for web server) & third DB(for database server)

We have published our web server and so available from public network.

Now, I want to access my website(web server) from inside network(servers connected to WEB interface) with public IP address. But it is not working.

When I try from inside of the network, the packet is handled by the default route and sent onto the outside interface. At that point, the packet disappears because the PIX does not turn the packet around and send it back inside. In fact, I'm not even sure that the NAT

rules come into play in this scenario.

So, is it possible to hit external IP of my web server from internally?

If yes than how?

Regards,

Anil Oza

ozaanil72 · ‎05-06-2010

Hi,

Please find the attachment for PIX config.

Thanks,

Anil Oza

Jennifer Halim · ‎05-07-2010

Hi Anil,

As Ashu advised earlier, you would need to upgrade the PIX to at least version 7.2.1 for the "same-security-traffic permit intra-interface" command to work for clear text traffic (as in your case).

Please upgrade the PIX to version 7.2.1 (I would recommend 7.2.4 as Ashu's advise) and what you are trying to achieve will work.

ozaanil72 · ‎05-07-2010

Thanks to both of you for help.

last qst... what is a clear text traffic. Means it will work for only http not for https.

Jennifer Halim · ‎05-07-2010

Clear text means it is not encrypted through IPSec VPN tunnel.

Qst about Cisco PIX 515E With Cisco PIX Security Appliance Software Version 7.0(6)