06-19-2007 09:21 AM - edited 03-05-2019 04:49 PM
Hello,
I had a question regarding a PIX 506e firewall and a Catalyst 2960 switch and setting up internet access. Everything worked fine before I decided to subnet the internal network. I had it set up so the internet can be used and RDP can be passed through the firewall. Ever since I decided to subnet the network, I can still get RDP to pass through the firewall, but I cannot connect to the internet inside the network. Any advice would be much appreciated, thanks in advance!
Greg LePage
06-19-2007 10:57 AM
Hi Greg-
It sounds like maybe you need an internal route on your PIX. How did you subnet, and what is the topology of your network?
Paul
06-19-2007 01:41 PM
Here is the scenario; I will try to describe it the best I can without confusing anyone. The current network I am building has been subnetted to the following:
Domain Controller 1: 192.168.7.5 / 255.255.255.240
Domain Controller 2: 192.168.7.6 / 255.255.255.240
Terminal Services 1: 192.168.7.7 / 255.255.255.240
Terminal Services 2: 192.168.7.2.8 / 255.255.255.240
Encrypted File System: 192.168.7.9 / 255.255.255.240
On the terminal services I am using both the NICs to segment the network, so therefore they use the IP/SUB 192.168.7.20 / 255.255.255.240 & .21
I set up the PIX firewall to allow RDP connections to both TS1 and TS2. Now the issue I am having is that before I subnetted the network I could get both RDP connections and internet connections inside the internal network; however, after doing what I described above I can still RDP into the network from the outside, but I can't use the internet while inside. It's weird because as soon as I change the subnet back to 255.255.255.0 the internet works.
Sorry if this was confusing and thanks for your help!
-Greg LePage
06-19-2007 01:45 PM
Are your newly created subnets properly NATted for outbound internet access in the firewall?
06-19-2007 01:48 PM
??? Could you please clarify ???
06-19-2007 02:24 PM
You would have:
global (outside) 1 interface
nat (inside) 1 192.168.7.0 255.255.255.240
If you have this already, please post a config if you can.
HTH,
p
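A way to check which of the addresses listed in this thread are matched by the posted nat/global pair, as an added example that is not part of the original posts. The host labels and the pairing of .20/.21 with a second NIC are assumptions taken from the description above; addresses are copied as written.

```python
import ipaddress
import re

# NAT statements as posted in the thread.
PIX_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 192.168.7.0 255.255.255.240
"""
HOSTS = {  # labels are hypothetical; addresses are verbatim from the thread
    "DC1": "192.168.7.5",
    "DC2": "192.168.7.6",
    "TS1": "192.168.7.7",
    "TS2": "192.168.7.2.8",
    "EFS": "192.168.7.9",
    "TS NIC2 (.20)": "192.168.7.20",
    "TS NIC2 (.21)": "192.168.7.21",
}
GLOBAL_RE = re.compile(r"^global \(\S+\) (\d+) ", re.M)
NAT_RE = re.compile(r"^nat \(\S+\) (\d+) (\S+) (\S+)", re.M)

def nat_networks(config):
    """Networks from 'nat' lines whose NAT id has a matching 'global' line."""
    global_ids = set(GLOBAL_RE.findall(config))
    return [
        ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for nat_id, addr, mask in NAT_RE.findall(config)
        if nat_id in global_ids
    ]

def coverage(hosts, config):
    """Map each host label to 'covered', 'not covered' or 'invalid address'."""
    nets = nat_networks(config)
    result = {}
    for name, text in hosts.items():
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # not a parseable IPv4/IPv6 address
            result[name] = "invalid address"
            continue
        result[name] = "covered" if any(ip in n for n in nets) else "not covered"
    return result

if __name__ == "__main__":
    for name, status in coverage(HOSTS, PIX_CONFIG).items():
        print(f"{name:14} {HOSTS[name]:15} {status}")
```

With a 255.255.255.240 mask, 192.168.7.0 spans .0 to .15, so .20 and .21 sit in the next block (192.168.7.16/28) and are not matched by the nat line as posted.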