Questions

Answer for:

Cisco Pix 506e firewall blocking Win07 from accessing a specific website?

Message 12 of 52

View entire thread
+
0 Votes
VCHD_IT

Here is the PIX configuration:

PIX versison 6.1 <4>
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable passwd
hostname pixfirewall
domain-name cisco.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list inbound permit icmp any any echo-reply
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
icmp permit any unreachable outside
mtu outside 1500
mtu inside 1500
ip audit info action alarm
ip audit attack action alarm
pdm history enale
arp timeout 14400
global <outside>1 interface
nat <inside> 1 0.0.0.0 0.0.0.0 00
access-group inbound in interface outside
route outside
route inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:0
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 0.0.0.0. 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
dhcpd address inside
dhcpd dns
dhcpd lease 604800
dhcpd ping_timeout 1500
dhcpd domain Mcleodusa.net
dhcpd enable inside
terminal width 80


The item that catches my eye is "dhcpd domain mcleodusa.net" This is a company we used years ago when we go our first high speed internet connection. We have since switched to a local company Soltec which was eventually bought by Iserv. Late last year we dropped Iserv and moved to Compcast for our high speed internet connection. I have notice when I do a ipconfig /all at any of the agency's computers the following is listed "DNS
Suffix Search List.........mcleodusa.net.

I removed the PIx from the network and connect the Comcast Gateway directly to the switch inwhich the PIX was connected. I booted our server and one of the windows 07 computers. The 07 computer could not connect to the server but did have an internet connection. It could open the agency's website. Since the PIX was the dhcp server, all the ip addresses were a dfferent range therefore the window 07 could not connect to the agency's server that has a static IP in a dfferent range. The subnet were the same.

Does this conclude that the PIX is the issue. What is the next step?