pix 515E cannot access www or telnet

Archived from groups: comp.security.firewalls

Hi,

I've been battling along for the last 2 days with my config and the end result is I
can only ping / tracert to machines on the internet.
All hosts on the network run on public IP addresses, therefore no NATting.

I allow telnet but cannot telnet - or it seems somewhere data is getting
lost and the telnet session never establishes. This is what the log shows:

Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr 66.8.177.x/3901 laddr 66.8.177.x/3901

After a while it shows:
Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901 laddr 66.8.177.x/3901 duration 02:11 bytes 0 (SYN Timeout)

I have tried adding a route statement on the router for 66.8.177.x to the
internal interface of the pix and it made no difference. I do know the access list
is working because when I remove telnet access for the host 66.8.177.x the
log shows the connection dropped due to the access list.

Where can I start looking to debug this, any ideas / recommendations?
  1.

    So if all machines run public IPs, how do you have the interfaces
    configured? What is your trusted interface (inside network) and what is
    your untrusted interface (outside network)? You could post relevant
    portions of your config, munging IPs and passwords.


    Chad
  2.

    I was a dummy. On the router I had a route statement sending traffic to the
    "internal" if instead of the outside interface of the pix. I changed the
    route statement around and it worked.
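The symptom in the log lines quoted in the question, as an added Python example that is not from the thread: pair PIX "Built" and "Teardown" messages by connection id and flag connections that died with "bytes 0 (SYN Timeout)", the pattern the second reply traces to a router route pointing at the wrong PIX interface. The sample lines are constructed from the two quoted in the post (connection 18 is made up for contrast) and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two PIX messages quoted in the post
# (the "x" octet is kept as the poster wrote it; connection 18 is made up).
SAMPLE_LOG = """\
Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr 66.8.177.x/3901 laddr 66.8.177.x/3901
Built outbound TCP connection 18 for faddr 196.4.16.227/80 gaddr 66.8.177.x/3902 laddr 66.8.177.x/3902
Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901 laddr 66.8.177.x/3901duration 02:11 bytes 0 (SYN Timeout)
Teardown TCP connection 18 faddr 196.4.16.227/80 gaddr 66.8.177.x/3902 laddr 66.8.177.x/3902 duration 00:03 bytes 1450 (TCP FINs)
"""

BUILT_RE = re.compile(r"Built (inbound|outbound) TCP connection (?P<id>\d+) for "
                      r"faddr (?P<faddr>\S+) gaddr \S+ laddr (?P<laddr>\S+)")
# "laddr ...duration" may run together in the log, hence the optional space
TEARDOWN_RE = re.compile(r"Teardown TCP connection (?P<id>\d+) faddr \S+ gaddr \S+ "
                         r"laddr \S+? ?duration (?P<duration>\S+) "
                         r"bytes (?P<bytes>\d+) \((?P<reason>[^)]*)\)")

def correlate(log_text):
    """Pair Built/Teardown lines by connection id; keep only completed pairs."""
    conns = {}
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if m:
            conns[m["id"]] = {"faddr": m["faddr"], "laddr": m["laddr"]}
            continue
        m = TEARDOWN_RE.search(line)
        if m and m["id"] in conns:
            conns[m["id"]].update(duration=m["duration"], bytes=int(m["bytes"]),
                                  reason=m["reason"])
    return {cid: c for cid, c in conns.items() if "reason" in c}

def syn_timeouts(log_text):
    """Connections torn down with 'bytes 0 (SYN Timeout)': the SYN went out
    through the PIX but no SYN/ACK ever came back through it. That points at the
    return path (routing toward the wrong PIX interface), not at the ACL, which
    would have logged a deny instead of a Built line."""
    return {cid: c for cid, c in correlate(log_text).items()
            if c["reason"] == "SYN Timeout" and c["bytes"] == 0}

def by_local_host(log_text):
    """Group SYN timeouts per local host: one host failing to every destination
    looks like a broken return route; one destination failing from every host
    looks like a remote problem."""
    hosts = defaultdict(list)
    for cid, c in syn_timeouts(log_text).items():
        hosts[c["laddr"].rsplit("/", 1)[0]].append((cid, c["faddr"]))
    return dict(hosts)
```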