Questions

Issue with PIX access or NAT

+
0 Votes
Locked

Issue with PIX access or NAT

Timbrewolf
Strange issue here. I posted a few weeks ago with a problem that was the beginning issues of what has become a full network problem.

We have a Fiber access line going directly into a Cisco Pix. Everything was working a few weeks ago, then we started getting a strange issue on one server - Internet access wasn't working on that IP address. (Incoming or outgoing). We changed that IP address and it worked, but of course the services weren't available through a different IP.

Then our Fiber provider changed all the IP addresses so we had to change the NAT structure for the PIX. All we did was change the external addresses.

Now, any internal server that has an access or NAT assigned to it gets shut off external access. I can access everything Internally, and the server can access (and receive access) internally, but once it hits the Pix, access ends.

This has been narrowed down to an issue with NAT or opening any ports. I've removed all the translations and all of our servers have access to the Internet.

The problem is we've moved to a backup T1 (where everything works fine through that firewall - so it's narrowed further to an issue with the PIX), but our servers need much more bandwidth.

A cisco engineer for our parent company programmed this Pix. I have full access and would be thrilled if someone would offer to look through the running-config for a possible issue. I am familiar with the configs, but this is beyond my capacity to fix right now.

Thanks for any offers of help - sometimes just having another set of eyes look for strangeness can be incredibly helpful!

PS - Specifically, at the moment, I just need to open up http tcp 80 access to ONE server. But whenever I create that translation it cuts the server off external access as described.
  • +
    0 Votes
    jaudet

    Hello,
    Are you still having this issue? If so I would be glad to assist. Send me an email at jaudet (at) ans-llc (dot) net and I will work with you from there.

    Thanks,
    Joe Audet

  • +
    0 Votes
    jaudet

    Hello,
    Are you still having this issue? If so I would be glad to assist. Send me an email at jaudet (at) ans-llc (dot) net and I will work with you from there.

    Thanks,
    Joe Audet