11-21-2011 03:51 AM - edited 03-04-2019 02:21 PM
Hi All,
I'm losing my patience with the home setup I'm running. My ISP has given me a /29 static range which I have correctly applied. I have statically mapped an external IP to a device on the LAN without any issues. When checking the external IP on the device it appears as it should, and everything else appears as the external address of the PIX. When I try to access anything past the router externally I cannot. I can ping the dialer and vlan1 interface on the 857w but cannot see anything past that.
All I want the router to do is route, and control everything from the PIX. Have I left out a command somewhere? Any thoughts would be much appreciated.
I have attached my configs and my diagram.
Many thanks
Jason
11-21-2011 04:19 AM
Hi Jason, can you change the IP address to 192.168.99.11 instead of x.x.82.219 in the access-list you applied outside?
PIX OS before 7.2 accepts private IP addresses in the access-list statements.
access-list outside_access_in remark *** Permit ICMP to PIX ***
access-list outside_access_in permit icmp any any
access-list outside_access_in remark *** Permit FTP to NAS ***
access-list outside_access_in permit tcp any host 192.168.99.11 eq ftp
access-list outside_access_in remark *** Permit RDP to NAS ***
access-list outside_access_in permit tcp any host 192.168.99.11 eq 3389
access-list outside_access_in remark ** Permit DNS to NAS (UDP) ***
access-list outside_access_in permit udp any host 192.168.99.11 eq domain
access-list outside_access_in remark ** Permit DNS to NAS (TCP) ***
access-list outside_access_in permit tcp any host 192.168.99.11 eq domain
Hope this helps
Ali TADIR
11-21-2011 05:09 AM
Hi Ali,
I think it is above the 7.2 but I will amend this when I get home later.
I remembered that it is doing a few more odd things. I can't seem to ping the outside interface of the PIX and I'm also having issues connecting to a work VPN using Windows on a DHCP'd client.
Can you see anything else on the list that may be causing an issue?
Many thanks
Jason
11-21-2011 06:04 AM
Hi Jason, I don't think that its software is above 7.2 because the last software that PIX 501 supports is 6.3.5.
Regarding pptp/l2tp vpn;
you should enter the fixup command;
fixup protocol pptp 1723
Ali TADIR
11-21-2011 06:08 AM
Jason, I also don't see the access-group commands needed to apply the access-lists. Please add the lines below as well.
These lines permit outbound traffic:
access-list inside_access_in permit ip any any
access-list inside_access_in permit icmp any any
These lines apply traffic to the interfaces:
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
Hope this helps
Ali TADIR
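The gap Ali points out above (access-list entries that no access-group line applies to an interface) can be checked mechanically before loading a config. The following Python sketch is an added example, not part of the original thread: the sample config is constructed in PIX 6.x syntax from the lines quoted here, and the function name `audit_acl_bindings` is hypothetical.

```python
import re

# Constructed sample, modelled on the config lines quoted in this thread.
SAMPLE_CONFIG = """\
access-list outside_access_in remark *** Permit FTP to NAS ***
access-list outside_access_in permit tcp any host 192.168.99.11 eq ftp
access-list outside_access_in permit tcp any host 192.168.99.11 eq 3389
access-list inside_access_in permit ip any any
access-list nonat permit ip 192.168.99.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list nonat
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
"""

# Only permit/deny entries count; remark lines do not define a usable ACL.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
# ACLs used for NAT exemption or crypto maps are legitimately not bound
# to an interface, so they must not be reported.
REF_RE = re.compile(
    r"^(?:nat\s+\(\S+\)\s+\d+\s+access-list"
    r"|crypto map\s+\S+\s+\d+\s+match address)\s+(\S+)"
)


def audit_acl_bindings(config_text):
    """Return (ACLs never applied, access-groups naming undefined ACLs)."""
    defined, bound, referenced = set(), {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if (m := ACL_RE.match(line)):
            defined.add(m.group(1))
        elif (m := GROUP_RE.match(line)):
            bound[m.group(1)] = m.group(2)
        elif (m := REF_RE.match(line)):
            referenced.add(m.group(1))
    unbound = sorted(defined - set(bound) - referenced)
    dangling = sorted((n, i) for n, i in bound.items() if n not in defined)
    return unbound, dangling


if __name__ == "__main__":
    unbound, dangling = audit_acl_bindings(SAMPLE_CONFIG)
    for name in unbound:
        print(f"access-list {name} has entries but no access-group applies it")
    for name, iface in dangling:
        print(f"access-group on {iface} references undefined access-list {name}")
```

On the constructed sample it reports `outside_access_in` as defined but never applied, which is the situation described in this thread, and flags the `dmz_access_in` binding as pointing at an access-list that does not exist.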
11-21-2011 07:22 AM
Ah ha. I think these may be the commands, Ali!
When I get home I will give them a go and let you know.
Many thanks
Jason