problem with DMZ in a PIX515E

juananibalb
Level 1

hi all

I have a PIX 515E-R with three interfaces: inside, outside and DMZ. I have 2 servers in the DMZ with private IP addresses, and I am doing NAT on the PIX to public IP addresses so that these servers are reachable from the internet.

The problem is that every 2 or 3 days the connectivity from the internet to these servers breaks, and it is necessary to reload the server to regain connectivity.

Does anybody know what the problem is?

Thanks

3 Replies

nkhawaja
Cisco Employee

HI,

No Idea what the problem is :(

You need to provide more information. e.g. the version, config, syslogs etc.

Thanks

Nadeem

OK, Nadeem.

sh ver:

Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Fri 02-Jul-04 00:07 by morlee
PIX up 3 days 17 hours
Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 000e.d738.dd22, irq 10
1: ethernet1: address is 000e.d738.dd23, irq 11
2: ethernet2: address is 0002.b3ea.9dee, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 3
Maximum Interfaces: 5
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 808010584 (0x30294358)
Running Activation Key: 0xeca6bf27 0x63d5789a 0x1627c6a2 0x9f3bf494
Configuration last modified by enable_15 at 14:18:11.118 UTC Thu Aug 5 2004

sh run:

: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list smtp permit tcp any host 200.1.1.1 eq www
access-list acl_dmz permit tcp any host 192.168.0.79 eq www
access-list acl-inside permit icmp any any
access-list acl-inside permit tcp any any
access-list acl-inside permit udp any any
access-list 101 permit ip 192.168.0.0 255.255.255.0 200.1.1.4 255.255.255.248
access-list 101 permit ip 192.168.0.0 255.255.255.0 172.16.8.0 255.255.255.0
pager lines 24
logging on
logging buffered informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 200.2.1.1 255.255.255.240
ip address inside 192.168.0.253 255.255.255.0
ip address dmz 172.16.8.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 200.3.1.1 255.255.255.0 outside
pdm history enable
arp timeout 14400
global (outside) 1 200.2.1.2
nat (inside) 0 access-list 101
nat (inside) 1 192.168.0.202 255.255.255.255 0 0
static (inside,outside) 200.1.1.2 192.168.0.153 netmask 255.255.255.255 0 0
static (inside,outside) 200.1.1.5 192.168.0.151 netmask 255.255.255.255 0 0
static (dmz,outside) 200.1.1.1 172.16.8.100 netmask 255.255.255.255 0 0
static (dmz,outside) 200.1.1.2 172.16.8.101 netmask 255.255.255.255 0 0
static (dmz,outside) 200.1.1.3 172.16.8.102 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
access-group 100 in interface outside
access-group acl-inside in interface inside
route outside 0.0.0.0 0.0.0.0 200.2.1.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80

Thanks in advance.

Hi,

See, these static statements are overlapping:

static (inside,outside) 200.1.1.2 192.168.0.153 netmask 255.255.255.255 0 0

static (dmz,outside) 200.1.1.2 172.16.8.101 netmask 255.255.255.255 0 0

What is the IP address of the server you see the issue?

Change the above static statements and do a clear xlate (if possible).

You also have this ACL applied on the outside interface:

access-group 100 in interface outside

but the ACL does not exist.

Thanks

Nadeem
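The two findings in the reply above (two static translations claiming the same global address 200.1.1.2 from different interfaces, and an access-group naming an ACL the config never defines) are the kind of thing that is easy to miss by eye in a long running-config. The following is an added example, not Cisco tooling and not code from anyone in the thread: a small Python lint that parses the PIX 6.x static, access-list, access-group and nat ... access-list lines and reports overlapping statics (by mapped interface and netmask, so it also catches a host static inside a network static), access-groups with no matching access-list, and ACLs that are defined but never applied. The embedded config excerpt is reconstructed from the posted sh run and trimmed to the relevant lines.

```python
"""Lint a PIX 6.x running-config for overlapping statics and dangling ACL
references. Added example for the thread above; not Cisco's code."""
import ipaddress
import re

# Constructed excerpt of the poster's "sh run", trimmed to the relevant lines.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list smtp permit tcp any host 200.1.1.1 eq www
access-list acl_dmz permit tcp any host 192.168.0.79 eq www
access-list acl-inside permit icmp any any
access-list 101 permit ip 192.168.0.0 255.255.255.0 172.16.8.0 255.255.255.0
nat (inside) 0 access-list 101
static (inside,outside) 200.1.1.2 192.168.0.153 netmask 255.255.255.255 0 0
static (inside,outside) 200.1.1.5 192.168.0.151 netmask 255.255.255.255 0 0
static (dmz,outside) 200.1.1.1 172.16.8.100 netmask 255.255.255.255 0 0
static (dmz,outside) 200.1.1.2 172.16.8.101 netmask 255.255.255.255 0 0
static (dmz,outside) 200.1.1.3 172.16.8.102 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
access-group 100 in interface outside
access-group acl-inside in interface inside
"""

# PIX 6.x syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[\w-]+),(?P<mapped_if>[\w-]+)\) "
    r"(?P<mapped>\S+) (?P<real>\S+) netmask (?P<mask>\S+)")
ACL_RE = re.compile(r"^access-list (?P<name>\S+) ")
GROUP_RE = re.compile(r"^access-group (?P<name>\S+) in interface (?P<iface>\S+)")
NAT_ACL_RE = re.compile(r"^nat \(\S+\) \d+ access-list (?P<name>\S+)")


def parse(config):
    """Collect statics, defined ACL names, access-group bindings and ACLs
    consumed by 'nat ... access-list' (identity/exempt NAT)."""
    statics, acls, groups, nat_acls = [], set(), [], set()
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["line"] = line
            statics.append(entry)
            continue
        m = ACL_RE.match(line)
        if m:
            acls.add(m["name"])
            continue
        m = GROUP_RE.match(line)
        if m:
            groups.append((m["name"], m["iface"]))
            continue
        m = NAT_ACL_RE.match(line)
        if m:
            nat_acls.add(m["name"])
    return statics, acls, groups, nat_acls


def overlapping_statics(statics):
    """Pairs of statics whose mapped (global) ranges overlap on the same
    mapped interface. Two hosts cannot both own one global address."""
    found = []
    for i, a in enumerate(statics):
        net_a = ipaddress.ip_network(f"{a['mapped']}/{a['mask']}", strict=False)
        for b in statics[i + 1:]:
            if a["mapped_if"] != b["mapped_if"]:
                continue
            net_b = ipaddress.ip_network(f"{b['mapped']}/{b['mask']}", strict=False)
            if net_a.overlaps(net_b):
                found.append((a["line"], b["line"]))
    return found


def dangling_access_groups(acls, groups):
    """access-group lines that bind an ACL name with no access-list entries."""
    return [(name, iface) for name, iface in groups if name not in acls]


def unapplied_acls(acls, groups, nat_acls):
    """ACLs defined but bound neither to an interface nor to a nat statement."""
    used = {name for name, _ in groups} | nat_acls
    return sorted(acls - used)


def lint(config):
    statics, acls, groups, nat_acls = parse(config)
    return {
        "overlapping_statics": overlapping_statics(statics),
        "dangling_access_groups": dangling_access_groups(acls, groups),
        "unapplied_acls": unapplied_acls(acls, groups, nat_acls),
    }


if __name__ == "__main__":
    for finding, items in lint(SAMPLE_CONFIG).items():
        print(finding)
        for item in items:
            print("   ", item)
```

Run against the excerpt it reports exactly the thread's two problems plus a third worth checking: the static for 200.1.1.2 on inside collides with the one on dmz, access-group 100 binds an ACL that no access-list line defines, and the ACLs smtp and acl_dmz exist but are applied nowhere. Whether a given PIX release accepts an access-group for an undefined ACL, and what it then permits, is not something this lint can tell you; confirm on the box. The overlap check is by mapped interface and netmask rather than exact string match, so it would also flag a host static that falls inside a network static.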