Solved

Cisco PIX 501, Broken connection to SBS 2003 Remote Web Workplace

Posted on 2009-05-08
423 Views
Last Modified: 2012-08-14
I don't know how, but I've broken the connection to the SBS 2003 Remote Web Workplace.  I don't know what's changed in my Cisco PIX 501 config to get it to stop working.
Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxx encrypted
hostname pix-veits
domain-name ciscopix.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 64.219.161.225 NetworkPartnersSyslogServer
name 192.168.78.2 Server
object-group service Service-service-group tcp
  port-object eq ident
  port-object eq https
  port-object eq smtp
  port-object eq www
access-list outside_access_in permit tcp any host 67.91.xx.xx object-group Service-service-group log
access-list outside_access_in permit icmp any host 67.91.xx.xx echo-reply log
access-list outside_access_in permit tcp any host 67.91.xx.xx eq 3389
access-list outside_access_in permit tcp any host 67.91.xx.xx eq 4125
access-list outside_access_in permit tcp any host 67.91.xx.xx eq 444
access-list inside_outbound_nat0_acl permit ip 192.168.78.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpngroup_splitTunnelAcl permit ip 192.168.78.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list inbound permit tcp any interface outside eq 3389
access-list inmap permit tcp any host 67.91.xx.xx eq 3389
pager lines 24
logging on
logging timestamp
logging monitor informational
logging device-id ipaddress outside
logging host outside NetworkPartnersSyslogServer
mtu outside 1500
mtu inside 1500
ip address outside 67.91.xx.xx 255.255.255.224
ip address inside 192.168.78.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 192.168.100.100-192.168.100.115
pdm location 205.172.249.0 255.255.255.0 outside
pdm location 192.168.0.2 255.255.255.255 inside
pdm location NetworkPartnersSyslogServer 255.255.255.255 outside
pdm location 64.233.245.0 255.255.255.0 outside
pdm location 192.168.100.0 255.255.255.0 outside
pdm location 192.168.78.96 255.255.255.224 outside
pdm location 192.168.78.0 255.255.255.0 inside
pdm location Server 255.255.255.255 inside
pdm location 67.91.19.35 255.255.255.255 outside
pdm location 192.168.78.3 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.78.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 67.91.xx.xx Server dns netmask 255.255.255.255 0 0
access-group inmap in interface outside
route outside 0.0.0.0 0.0.0.0 67.91.19.33 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host Server veitsgroupllc timeout 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
ntp server 192.5.41.209 source outside
http server enable
http 205.172.249.0 255.255.255.0 outside
http 0.0.0.0 0.0.0.0 outside
http 192.168.78.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server outside Server C:\TFTP-Root
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpngroup address-pool vpnpool
vpngroup vpngroup dns-server Server
vpngroup vpngroup wins-server Server
vpngroup vpngroup default-domain xxxxxx.local
vpngroup vpngroup split-tunnel vpngroup_splitTunnelAcl
vpngroup vpngroup idle-time 1800
vpngroup vpngroup password ********
telnet timeout 5
ssh 205.172.249.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 64.233.245.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
management-access outside
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
username xxxxxxxxx encrypted privilege 3
username xxxxxxxxx encrypted privilege 15
username xxxxxxxxx encrypted privilege 3
username xxxxxxxxx encrypted privilege 3
username xxxxxxxxx encrypted privilege 3
username xxxxxxxxx encrypted privilege 3
username xxxxxxxxx encrypted privilege 3
privilege show level 0 command version
privilege show level 0 command curpriv
privilege show level 3 command pdm
privilege show level 3 command blocks
privilege show level 3 command ssh
privilege configure level 3 command who
privilege show level 3 command isakmp
privilege show level 3 command ipsec
privilege show level 3 command vpdn
privilege show level 3 command local-host
privilege show level 3 command interface
privilege show level 3 command ip
privilege configure level 3 command ping
privilege show level 3 command uauth
privilege configure level 5 mode enable command configure
privilege show level 5 command running-config
privilege show level 5 command privilege
privilege show level 5 command clock
privilege show level 5 command ntp
privilege show level 5 mode configure command logging
privilege show level 5 command fragment
terminal width 80
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxx: end
[OK]

Question by: baggio8
3 Comments
 
LVL 2

Expert Comment

by:chris_shaw
ID: 24334337
I can't see all your settings from your post - but you need to forward the following ports to your server:
Remote Web Workplace requires Port 4125
Generally, you should also be forwarding ports 80, 443 and 444 as well, for other services.
 

Accepted Solution

by:
baggio8 earned 0 total points
ID: 24337278
I figured this out.  Apparently the following was missing and I restored it to the config:
access-group outside_access_in in interface outside
I just compared my running configuration to an older saved config.

That gave me a scare.
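The two answers above make one point between them: the ports chris_shaw lists (4125, 80, 443, 444) were already permitted in the posted `outside_access_in` ACL, but the ACL was not the one bound to the outside interface, so its entries had no effect until the `access-group` line was restored. The script below is an added example, not code from the thread or from Cisco: it parses PIX 6.3-style config text, reports which ACL is bound inbound on `outside`, which of the required ports that ACL actually permits, and which access-lists are defined but referenced by no other line. The config excerpts are constructed from the lines posted in the question; `RWW_PORTS`, `parse_config` and `audit` are this example's own names.

```python
"""Added example: audit PIX 6.3 access-list bindings for Remote Web Workplace ports.
Not the thread's or Cisco's code; sample config excerpts below are constructed from
the question's posted config with the public IP left masked as in the post."""
import re
from collections import defaultdict

# Ports named in the thread: 4125 (RWW), 80/443/444 (chris_shaw's list), 3389 (RDP entry).
RWW_PORTS = frozenset({80, 443, 444, 4125, 3389})
# Cisco keyword names for the ports used in the posted object-group.
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "smtp": 25, "ident": 113}


def _port(tok):
    """Resolve a port token ('https', '4125') to an int, or None if unknown."""
    return int(tok) if tok.isdigit() else PORT_NAMES.get(tok)


def parse_config(text):
    """Return (acls, groups, bindings, other_lines) from PIX-style config text."""
    acls = defaultdict(list)   # acl name -> list of entry strings (text after the name)
    groups = {}                # object-group name -> set of tcp ports
    bindings = {}              # (interface, direction) -> bound acl name
    other = []                 # every non-ACL line, used to find ACL references
    current_group = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"object-group service (\S+) tcp", line)
        if m:
            current_group = m.group(1)
            groups[current_group] = set()
            other.append(line)
            continue
        m = re.match(r"port-object eq (\S+)", line)
        if m and current_group is not None:
            p = _port(m.group(1))
            if p is not None:
                groups[current_group].add(p)
            continue
        current_group = None   # any other line ends the object-group block
        m = re.match(r"access-list (\S+) (.*)", line)
        if m:
            acls[m.group(1)].append(m.group(2).strip())
            continue
        m = re.match(r"access-group (\S+) (in|out) interface (\S+)", line)
        if m:
            bindings[(m.group(3), m.group(2))] = m.group(1)
        other.append(line)
    return dict(acls), groups, bindings, other


def permitted_tcp_ports(entries, groups):
    """TCP ports permitted by 'permit tcp ... eq X' or '... object-group G' entries."""
    ports = set()
    for e in entries:
        if not e.startswith("permit tcp"):
            continue
        m = re.search(r"\beq (\S+)", e)
        if m and _port(m.group(1)) is not None:
            ports.add(_port(m.group(1)))
        m = re.search(r"\bobject-group (\S+)", e)
        if m:
            ports |= groups.get(m.group(1), set())
    return ports


def audit(text, interface="outside", required=RWW_PORTS):
    """Bound inbound ACL on `interface`, required ports it lacks, and dead (unreferenced) ACLs."""
    acls, groups, bindings, other = parse_config(text)
    bound = bindings.get((interface, "in"))
    permitted = permitted_tcp_ports(acls.get(bound, []), groups) if bound else set()
    unreferenced = sorted(
        name for name in acls
        if not any(re.search(r"\b%s\b" % re.escape(name), l) for l in other)
    )
    return {"bound_inbound_acl": bound, "permitted": sorted(permitted),
            "missing": sorted(set(required) - permitted), "unreferenced_acls": unreferenced}


# Constructed excerpt of the posted (broken) config: 'inmap' is bound, 'outside_access_in' is not.
POSTED_CONFIG = """
object-group service Service-service-group tcp
  port-object eq ident
  port-object eq https
  port-object eq smtp
  port-object eq www
access-list outside_access_in permit tcp any host 67.91.xx.xx object-group Service-service-group log
access-list outside_access_in permit icmp any host 67.91.xx.xx echo-reply log
access-list outside_access_in permit tcp any host 67.91.xx.xx eq 3389
access-list outside_access_in permit tcp any host 67.91.xx.xx eq 4125
access-list outside_access_in permit tcp any host 67.91.xx.xx  eq 444
access-list inside_outbound_nat0_acl permit ip 192.168.78.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpngroup_splitTunnelAcl permit ip 192.168.78.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list inbound permit tcp any interface outside eq 3389
access-list inmap permit tcp any host 67.91.xx.xx eq 3389
nat (inside) 0 access-list inside_outbound_nat0_acl
static (inside,outside) 67.91.xx.xx Server dns netmask 255.255.255.255 0 0
access-group inmap in interface outside
vpngroup vpngroup split-tunnel vpngroup_splitTunnelAcl
"""
# Same excerpt after the accepted answer's line is bound in place of 'inmap'
# (PIX 6.3 allows one ACL per interface direction, so the new access-group replaces the old).
FIXED_CONFIG = POSTED_CONFIG.replace("access-group inmap in interface outside",
                                     "access-group outside_access_in in interface outside")

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit(cfg))
```

On the posted excerpt the audit shows `inmap` bound with only 3389 permitted, 80/443/444/4125 missing, and `outside_access_in` (plus the stray `inbound`) defined but unreferenced; on the fixed excerpt nothing is missing and `inmap` becomes the dead rule. The `static` translation for the server address still has to exist for any of these permits to reach the SBS host, which the posted config does have.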
 

Author Comment

by:baggio8
ID: 24337297
Answered myself based on my last comment
