[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Packets not being returned to server inside a PIX 506E

Posted on 2006-11-27
4
Medium Priority
?
243 Views
Last Modified: 2013-12-07
I have a server on a network inside a PIX 506E. I have an external device that I can ping from the PIX, and the external device responds, which can be seen on the PIX command line interface. I have a server inside the PIX which is attached to the PIX via a switch. The server can send a ping request out to the external device, which responds (as seen on the PIX command line by use of debug packet), however the response never gets sent back through to the internal server.

I am also having problems getting Internet Explorer on that internal server to open up websites by domain name (such as windowsupdate.microsoft.com). Some websites it will open, others it won't. nslookup can resolve a name for windowsupdate.microsoft.com, but IE seemingly can't. IE can open websites by IP address (like http://123.456.789.123/index.htm).

Does anyone have any idea what the problem might be, and how I can resolve it?
0
Comment
Question by:AGBrown
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 4

Accepted Solution

by:
pakitloss earned 2000 total points
ID: 18022676
As for icmp try:

access-list inbound permit tcp any any eq echo
access-list inbound permit icmp any any echo-reply
access-list inbound permit icmp any any traceroute

If the server is a domain controller try configuring forwarders to point to your external DNS.
0
 
LVL 12

Author Comment

by:AGBrown
ID: 18022730
The server is a standalone server, the NIC is setup the same way as another private network in the same colocation facility, and the other private network seems to work fine. Given that nslookup works for domain name resolution, this might be a problem with IE instead.

The icmp commands worked. Can you explain why I need to explicitly state inbound access commands for icmp if I'm only expecting a reply to icmp requests that originated inside the network?

It is useful to know that the problems are not related.
0
 
LVL 4

Expert Comment

by:pakitloss
ID: 18024448
Because there is no translation rule for ICMP by default on a PIX. Ok.... so now DNS.... if you think it may be IE then try downloading Firefox and installing it and see if it works.
0
 
LVL 12

Author Comment

by:AGBrown
ID: 18029776
I just read up on the icmp as it was ringing bells but couldn't remember it properly. It would seem that its not that there's no translation rule, per se, but that although outbound icmp is permitted, the incoming reply is denied by default.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

W.r.t. the problems with IE, it would seem that I've been having DNS problems. I'm using another DNS server for the moment.

Thanks for the help

Andy
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question