Webcc

Pix configuration to allow outside network access to inside Windows server

Have the following network:

192.168.0.0 (subnet) -------- switch  (Windows Server 2003 & 6 workstations)
                                                |                                              
                                                |  (inside 192.168.0.254)
                                              PIX
                                                |  (outside 192.168.1.254)
                                                |
192.168.1.0 (subnet) -------- switch ---------- Internet router

Right now they are two separate networks, but have the need to connect 3 users on the 192.168.0.0 subnet to not only connect to the Windows server (same subnet) but the Internet subnet as well.  Additionally, have 1 user on the Internet subnet who needs to get to the Windows server.  This is the owner and does not want to be on the 192.168.0.0 subnet (paranoid).   We have a Pix 501 lying around, no $$ to purchase a router.  Placed in between the networks solves the problem, but cannot create access-list for 192.168.1.0 (outside) to access 192.168.0.0 (inside) Windows Server.

Tried:  
static (inside, outside) 192.168.0.200 192.168.1.100
access-list 101 permit tcp any host 192.168.0.200 eq 135
access-list 101 permit tcp any host 192.168.0.200 eq 139
access-list 101 permit udp any host 192.168.0.200 eq 137
access-list 101 permit udp any host 192.168.0.200 eq 138
access-group 101 in interface outside

Explanation:
192.168.0.200 = Windows server
192.168.1.100 = Outside user
Help!!
ASKER CERTIFIED SOLUTION
ErnieExpert

This solution is only available to members.

Webcc

ASKER

Unfortunately, still not working.  Any additional ports that need to be opened?
ErnieExpert

How are you trying to access the server?  Are you using UNC?  Try \\192.168.1.254 from the client machine.
Webcc

ASKER

Was trying \\192.168.0.200
Should I be pointing to the outside side since that should translate to 0.200?
Imagine you are hosting a web server.  Users from the outside would have no knowledge of or access to your private IPs; they would use the public IP.  Same scenario applies here.
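
The point made in the thread, that outside hosts address the server by its translated address, shown as an added configuration example in PIX 6.x syntax (not part of the original posts, and not the members-only solution). It assumes 192.168.1.200 is a free address on the outside subnet, and it narrows the ACL source from "any" to the single outside user named in the question.

```cisco
: Added example, not from the thread. 192.168.1.200 is an assumed free
: address on the outside subnet, used as the server's mapped address.
:
: As posted in the question, the server's real address sits in the mapped
: slot, the outside user's address sits in the real slot, and the ACL
: permits any source to the inside address:
:   static (inside, outside) 192.168.0.200 192.168.1.100
:   access-list 101 permit tcp any host 192.168.0.200 eq 135
:
: Argument order is: static (real_if,mapped_if) mapped_ip real_ip
static (inside,outside) 192.168.1.200 192.168.0.200 netmask 255.255.255.255
:
: The ACL applied to the outside interface matches the mapped address,
: and here only the owner's workstation is allowed as a source.
: Ports are the ones listed in the question.
access-list 101 permit tcp host 192.168.1.100 host 192.168.1.200 eq 135
access-list 101 permit tcp host 192.168.1.100 host 192.168.1.200 eq 139
access-list 101 permit udp host 192.168.1.100 host 192.168.1.200 eq 137
access-list 101 permit udp host 192.168.1.100 host 192.168.1.200 eq 138
access-group 101 in interface outside
```

With this mapping the outside user would connect to \\192.168.1.200 rather than \\192.168.0.200.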