• Status: Solved

PIX Version 6.1(4) Question regarding config - 500pnts

Ok I think,

77.x.x.55 is the global outside IP address
77.x.x.52 is used to send ports 80, 443 and 25 to the internal network is my internal address (our Exchange server)

Nat outside to inside is 77.x.x.52 -

A problem has arisen because I've just installed a new Exchange server and we can't access it from the outside world. Upon investigation I have found:

77.x.x.55 - cannot be reached via ping
77.x.x.52 - can be reached via ping
77.x.x.52 - will not connect via telnet on ports 80, 443, 25

I am looking for someone to double-check the config. Also, is it possible that the Cisco firewall is going wrong or has got corrupted?

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd  encrypted
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
no fixup protocol h323 1720
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sqlnet 1521
no fixup protocol sip 5060
no fixup protocol skinny 2000
access-list mail permit tcp any host 77.x.x.52 eq smtp
access-list mail permit tcp any host 77.x.x.52 eq www
access-list mail permit tcp any host 77.x.x.52 eq 443
pager lines 24
logging on
logging buffered errors
logging trap notifications
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 77.x.x.52
ip address inside
ip audit info action alarm
ip audit attack action alarm
ip local pool pool2
no pdm history enable
arp timeout 14400
global (outside) 1 77.x.x.55
nat (inside) 1 0 0
nat (inside) 1 0 0
nat (inside) 1 0 0
nat (inside) 1 0 0
nat (inside) 1 0 0
nat (inside) 1 0 0
nat (inside) 1 0 0
nat (inside) 1 0 0
static (inside,outside) 77.x.x.52 netmask 0 0
access-group mail in interface outside
route outside 77.x.x.51 1
route inside 1
route inside 1
route inside 1
route inside 1
route inside 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat
telnet inside
telnet inside
telnet inside
telnet inside
telnet timeout 5
ssh inside
ssh timeout 5
terminal width 80
1 Solution
Ernie Beek (Expert) commented:
Your outside IP address is wrong:
ip address outside 77.x.x.52

You might want to change that back to:
ip address outside 77.x.x.55
And use:
global (outside) 1 interface

Ernie Beek (Expert) commented:
That is, if I read this correctly:
77.x.x.55 is the global outside IP address
So 77.x.x.55 is not only the IP address used in the nat-global setup but also the outside IP address of the PIX.

So, am I reading this correctly?

Ernie Beek (Expert) commented:
I also took the liberty of sanitizing your posted configuration, you don't want to show too much ;)

ise438 (Author) commented:
Thank you

Ernie Beek (Expert) commented:
My pleasure. Thx 4 the points.

Question has a verified solution.
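
A check for the condition the accepted answer points out, written as an added example (not code from the thread): it parses PIX 6.x `ip address`, `static` and `global` lines and reports any address on an interface that more than one of them claims. The sample configs and their 203.0.113.x / 10.0.0.x addresses are constructed, since the posted config is sanitized, and treating every such double claim as a finding is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.x syntax. The addresses are documentation
# ranges, not values from the thread (the posted config is sanitized).
BROKEN = """\
ip address outside 203.0.113.52 255.255.255.248
ip address inside 10.0.0.1 255.255.255.0
global (outside) 1 203.0.113.55
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.52 10.0.0.10 netmask 255.255.255.255 0 0
access-list mail permit tcp any host 203.0.113.52 eq smtp
access-group mail in interface outside
"""

# The same sample after the change suggested in the answer.
FIXED = (BROKEN
         .replace("ip address outside 203.0.113.52", "ip address outside 203.0.113.55")
         .replace("global (outside) 1 203.0.113.55", "global (outside) 1 interface"))

IP = r"(\d+\.\d+\.\d+\.\d+)"
RE_IFADDR = re.compile(rf"^ip address (\S+) {IP}")
RE_STATIC = re.compile(rf"^static \((\S+?),(\S+?)\) {IP} {IP}")
RE_GLOBAL = re.compile(r"^global \((\S+?)\) (\d+) (\S+)")


def audit(config):
    """Report each (interface, address) pair that more than one line claims."""
    claims = defaultdict(list)  # (interface, address) -> roles claiming it
    for line in map(str.strip, config.splitlines()):
        if m := RE_IFADDR.match(line):
            claims[(m[1], m[2])].append("interface address")
        elif m := RE_STATIC.match(line):
            # static (real_if,mapped_if) mapped_ip real_ip ...
            claims[(m[2], m[3])].append(f"static mapping for {m[4]}")
        elif m := RE_GLOBAL.match(line):
            # "global (...) N interface" names no address of its own, so the
            # keyword is stored as-is and never collides with a real address.
            claims[(m[1], m[3])].append(f"global pool {m[2]}")
    return [f"{addr} on {ifname}: " + " and ".join(roles)
            for (ifname, addr), roles in claims.items() if len(roles) > 1]


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(cfg) or "no address clashes")
```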
