pix 515E cannot access www or telnet


Archived from groups: comp.security.firewalls (More info?)

 

Hi,

I've been battling along for the last 2 days with my config and the end result is I
can only ping / tracert to machines on the internet.
All hosts on the network run on public ip addresses therefore no natting.

I allow telnet but cannot telnet - or it seems somewhere data is getting
lost and the telnet session never establishes. This is what the log shows:

Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr
66.8.177.x/3901 laddr 66.8.177.x/3901

After a while it shows:
Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901
laddr 66.8.177.x/3901 duration 02:11 bytes 0 (SYN Timeout)

I have tried adding a route statement on the router for 66.8.177.x to the
internal interface of the pix and no difference. I do know the access list
is working because when I remove telnet access for the host 66.8.177.x then
the log shows dropped connection due to access list.

Where can I start looking to debug this, any ideas / recommendations?


jonathan wrote:
> Hi,
>
> I've been battling along for the last 2 days with my config and the end result is I
> can only ping / tracert to machines on the internet.
> All hosts on the network run on public ip addresses therefore no natting.
>
> I allow telnet but cannot telnet - or it seems somewhere data is getting
> lost and the telnet session never establishes. This is what the log shows:
>
> Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr
> 66.8.177.x/3901 laddr 66.8.177.x/3901
>
> After a while it shows:
> Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901
> laddr 66.8.177.x/3901 duration 02:11 bytes 0 (SYN Timeout)
>
> I have tried adding a route statement on the router for 66.8.177.x to the
> internal interface of the pix and no difference. I do know the access list
> is working because when I remove telnet access for the host 66.8.177.x then
> the log shows dropped connection due to access list.
>
> Where can I start looking to debug this, any ideas / recommendations?
>
>
So if all machines run public IPs, how do you have the interfaces
configured? What is your trusted interface (inside network) and what is
your untrusted interface (outside network)? You could post relevant
portions of your config, munging IPs and passwords.


Chad


I was a dummy. On the router I had a route statement sending traffic to the
"internal" if instead of the outside interface of the pix. I changed the
route statement around and it worked.
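
An added example, not part of the original thread: a small Python parser that pairs the Built/Teardown messages quoted above and flags connections torn down with "SYN Timeout" and 0 bytes, the signature of a SYN that passed the access list but never got a reply (here, because of the return route). The function names are hypothetical, the sample log is constructed with documentation addresses, and it assumes one log event per line.

```python
import re
from collections import Counter

# Constructed sample in the message format quoted in the thread
# (documentation address ranges, not the poster's hosts).
SAMPLE_LOG = """\
Built outbound TCP connection 17 for faddr 198.51.100.227/23 gaddr 203.0.113.10/3901 laddr 203.0.113.10/3901
Built outbound TCP connection 18 for faddr 198.51.100.80/80 gaddr 203.0.113.10/3902 laddr 203.0.113.10/3902
Teardown TCP connection 18 faddr 198.51.100.80/80 gaddr 203.0.113.10/3902 laddr 203.0.113.10/3902 duration 00:05 bytes 4312 (TCP FINs)
Teardown TCP connection 17 faddr 198.51.100.227/23 gaddr 203.0.113.10/3901 laddr 203.0.113.10/3901 duration 02:11 bytes 0 (SYN Timeout)
"""

BUILT = re.compile(
    r"Built (\w+) TCP connection (\d+) for faddr (\S+) gaddr (\S+) laddr (\S+)")
# \s* before "duration" tolerates logs where the field is fused to the port.
TEARDOWN = re.compile(
    r"Teardown TCP connection (\d+) faddr (\S+) gaddr (\S+) "
    r"laddr (\S+?)\s*duration (\S+) bytes (\d+) \(([^)]*)\)")

def unanswered_syns(log_text):
    """Return connections that were permitted and built but saw no reply."""
    built, hits = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            built[m.group(2)] = m.group(1)  # connection id -> direction
            continue
        m = TEARDOWN.search(line)
        if not m:
            continue
        conn, faddr, _gaddr, laddr, duration, nbytes, reason = m.groups()
        # Zero bytes plus SYN Timeout: the SYN left, nothing came back.
        if reason == "SYN Timeout" and int(nbytes) == 0:
            hits.append({"conn": conn, "direction": built.get(conn, "unknown"),
                         "faddr": faddr, "laddr": laddr, "duration": duration})
    return hits

def by_local_host(hits):
    """Count unanswered SYNs per inside host. Failures to many different
    destinations suggest a return-path problem, not one dead server."""
    return Counter(h["laddr"].split("/")[0] for h in hits)

if __name__ == "__main__":
    for hit in unanswered_syns(SAMPLE_LOG):
        print(hit)
```
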
