Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Pix 506E How to configure NAT and ACL

Avatar of NWJP
NWJP asked on
Hardware FirewallsCisco
29 Comments1 Solution517 ViewsLast Modified:
Hi Experts,

I have a pix 506E configured with Vlan. From all the Vlan, i can access the internet but i need to configure a bit more. Everything i tried out is not working... i am lost, need help.

Here is what i want to do:
1- Within Vlan3 access all IPs (any protocols and ports)
2- From Vlan2 access all IPs in Vlan3 (any protocols and ports)

Here is my configuration:
NW-PIX(config)# sh config
: Saved
: Written by enable_15 at 07:18:12.646 UTC Fri Jan 1 1993
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan2 physical
interface ethernet1 vlan3 logical
interface ethernet1 vlan4 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan3 XXXXX security50
nameif vlan4 OSCAR security75
enable password fdG9PSr3IeUwRf5y encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname NW-PIX
domain-name XXXXX
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
pager lines 24
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
logging device-id hostname
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip address XXXXX
ip address OSCAR
ip audit info action alarm
ip audit attack action alarm
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0 0
nat (XXXXX) 1 0 0
nat (OSCAR) 1 0 0
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Avatar of MikeKane
This problem has been solved!
Unlock 1 Answer and 29 Comments.
See Answers