Pix configuration to allow outside network access to inside Windows server

Webcc
Webcc used Ask the Experts™
on
Have the following network:

192.168.0.0 (subnet) -------- switch  (Windows Server 2003 & 6 workstations)
                                                |                                              
                                                |  (inside 192.168.0.254)
                                              PIX
                                                |  (outside 192.168.1.254)
                                                |
192.168.1.0 (subnet) -------- switch ---------- Internet router

Right now they are two seperate networks, but have the need to connect 3 users on the 192.168.0.0 subnet to not only connect to the Windows server (same subnet) but the Internet subnet as well.  Additionally, have 1 user on the Internet subnet who needs to get to the Windows server.  This is the owner and does not want to be on the 192.168.0.0 subnet (paranoid).   We have a Pix 501 lying around no $$ to purchase a router.  Placed in between the networks solves the problem, but cannot create access-list for 192.168.1.0 (outside) to access 192.168.0.0 (inside) Windows Server.

Tried:  
static (inside, outside) 192.168.0.200 192.168.1.100
access-list 101 permit tcp any host 192.168.0.200 eq 135
access-list 101 permit tcp any host 192.168.0.200 eq 139
access-list 101 permit udp any host 192.168.0.200 eq 137
access-list 101 permit udp any host 192.168.0.200 eq 138
access-group 101 in interface outside

Explanation:
192.168.0.200 = Windows server
192.168.1.100 = Outside user
Help!!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
try this
static (inside,outside) tcp 192.168.1.254 135 192.168.0.200 135 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.1.254 135 192.168.0.200 139 netmask 255.255.255.255 0 0
static (inside,outside) udp 192.168.1.254 135 192.168.0.200 137 netmask 255.255.255.255 0 0
static (inside,outside) udp 192.168.1.254 135 192.168.0.200 138 netmask 255.255.255.255 0 0
access-list 101 permit tcp host 192.168.1.100 host 192.168.0.200 eq 135
access-list 101 permit tcp host 192.168.1.100 host 192.168.0.200 eq 139
access-list 101 permit udp host 192.168.1.100 host 192.168.0.200 eq 137
access-list 101 permit udp host 192.168.1.100 host 192.168.0.200 eq 138
access-group 101 in interface outside
WebccPresident

Author

Commented:
Unfortunately, still not working.  Any additional ports that need to be opened?
how are you trying to access the server.  Are you using UNC?  Try \\192.168.1.254 from the client machine.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

WebccPresident

Author

Commented:
Was trying \\192.168.0.200
Should I be pointing to the outside side since that should translate to 0.200?
yes
imagine you are hosting a web server.  Users from the outside would have no knowledge or access to your private IPs, they would use the public IP.  Same scenario applies here.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial