Avatar of Webcc
Webcc
Flag for United States of America asked on

Pix configuration to allow outside network access to inside Windows server

Have the following network:

192.168.0.0 (subnet) -------- switch  (Windows Server 2003 & 6 workstations)
                                                |                                              
                                                |  (inside 192.168.0.254)
                                              PIX
                                                |  (outside 192.168.1.254)
                                                |
192.168.1.0 (subnet) -------- switch ---------- Internet router

Right now they are two seperate networks, but have the need to connect 3 users on the 192.168.0.0 subnet to not only connect to the Windows server (same subnet) but the Internet subnet as well.  Additionally, have 1 user on the Internet subnet who needs to get to the Windows server.  This is the owner and does not want to be on the 192.168.0.0 subnet (paranoid).   We have a Pix 501 lying around no $$ to purchase a router.  Placed in between the networks solves the problem, but cannot create access-list for 192.168.1.0 (outside) to access 192.168.0.0 (inside) Windows Server.

Tried:  
static (inside, outside) 192.168.0.200 192.168.1.100
access-list 101 permit tcp any host 192.168.0.200 eq 135
access-list 101 permit tcp any host 192.168.0.200 eq 139
access-list 101 permit udp any host 192.168.0.200 eq 137
access-list 101 permit udp any host 192.168.0.200 eq 138
access-group 101 in interface outside

Explanation:
192.168.0.200 = Windows server
192.168.1.100 = Outside user
Help!!
Windows NetworkingHardware FirewallsRouters

Avatar of undefined
Last Comment
ErnieExpert

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ErnieExpert

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Webcc

ASKER
Unfortunately, still not working.  Any additional ports that need to be opened?
ErnieExpert

how are you trying to access the server.  Are you using UNC?  Try \\192.168.1.254 from the client machine.
Webcc

ASKER
Was trying \\192.168.0.200
Should I be pointing to the outside side since that should translate to 0.200?
Your help has saved me hundreds of hours of internet surfing.
fblack61
ErnieExpert

yes
ErnieExpert

imagine you are hosting a web server.  Users from the outside would have no knowledge or access to your private IPs, they would use the public IP.  Same scenario applies here.