Ok, so I am having a spot of bother with a Cisco PIX515, I have posted the current running config below, now I am no cisco expert by any means although I can do basic stuff with them, now I am having trouble with traffic sent from the outside to address: 10.75.32.25 it just doesn't appear to be going anywhere.
Now this firewall is deep inside a private network, with an upstream firewall that we don't manage. I have spoken to the people that look after that firewall and they say they they have traffic routing to 10.75.32.21 and 10.75.32.25 and thats it (although there is a website that runs from the server 172.16.102.5 which (if my understanding is correct) gets traffic via 10.75.32.23.
Any ideas would be greatly appreciated as to me it should all just work, but its not (obviously if the config is all correct then there could be a problem with the web server that we are trying to access on 10.75.32.25, although the users say that they can get to it internally (172.16.102.8) which is even more confusing)
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 academic security50
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 195.157.180.168 outsideNET
name 195.157.180.170 globalNAT
name 195.157.180.174 gateway
name 195.157.180.173 Mail-Global
name 172.30.31.240 Mail-Local
name 10.75.32.20 outsideIF
name 82.219.210.17 frogman1
name 212.69.230.79 frogman2
name 78.105.118.9 frogman3
name 172.16.0.0 acadNET
name 172.16.100.254 acadIF
access-list acl_outside permit icmp any any echo-reply
access-list acl_outside permit icmp any any unreachable
access-list acl_outside permit icmp any any time-exceeded
access-list acl_outside permit tcp any host 10.75.32.22 eq smtp
access-list acl_outside permit tcp any host 10.75.32.22 eq 8383
access-list acl_outside permit tcp any host 10.75.32.22 eq 8385
access-list acl_outside permit tcp any host 10.75.32.22 eq 8484
access-list acl_outside permit tcp any host 10.75.32.22 eq 8485
access-list acl_outside permit ip any host 10.75.32.30
access-list acl_outside permit tcp any host 10.75.32.25 eq https
access-list acl_outside permit tcp any host 10.75.32.25 eq www
access-list acl_outside permit tcp any host 10.75.32.23 eq www
access-list acl_outside permit tcp any host 10.75.32.23 eq https
access-list acl_outside permit tcp host frogman1 host 10.75.32.23 eq ssh
access-list acl_outside permit tcp host frogman2 host 10.75.32.23 eq ssh
access-list acl_outside permit tcp host frogman3 host 10.75.32.23 eq ssh
access-list acl_outside permit tcp any host 10.75.32.23 eq 2001
access-list acl_outside permit tcp host frogman1 host 10.75.32.24 eq 8441
access-list acl_outside permit tcp host frogman2 host 10.75.32.24 eq 8441
access-list acl_outside permit tcp host frogman3 host 10.75.32.24 eq 8441
access-list acl_outside permit tcp host frogman1 host 10.75.32.24 eq 8442
access-list acl_outside permit tcp host frogman2 host 10.75.32.24 eq 8442
access-list acl_outside permit tcp host frogman3 host 10.75.32.24 eq 8442
access-list acl_outside permit tcp host frogman1 host 10.75.32.24 eq 8443
access-list acl_outside permit tcp host frogman2 host 10.75.32.24 eq 8443
access-list acl_outside permit tcp host frogman3 host 10.75.32.24 eq 8443
access-list acl_outside permit tcp any host 10.75.32.23 eq smtp
access-list acl_outside permit tcp any host 10.75.32.23 eq ssh
access-list acl_outside permit tcp any host 10.75.32.24 eq ssh
access-list acl_acad permit icmp any any echo-reply
access-list acl_acad permit icmp any any unreachable
access-list acl_acad permit icmp any any time-exceeded
access-list acl_acad permit tcp any 10.0.0.0 255.0.0.0 eq www
access-list acl_acad deny tcp any any eq www
access-list acl_acad permit tcp any 10.0.0.0 255.0.0.0 eq https
access-list acl_acad permit tcp any 10.0.0.0 255.0.0.0 eq 8080
access-list acl_acad permit tcp host 172.16.102.5 host 10.64.1.115 eq smtp
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
mtu academic 1500
ip address outside outsideIF 255.255.252.0
no ip address inside
ip address academic acadIF 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.75.32.21
nat (academic) 1 acadNET 255.255.0.0 0 0
static (academic,outside) 10.75.32.22 Mail-Local netmask 255.255.255.255 0 0
static (academic,outside) 10.75.32.30 172.30.30.36 netmask 255.255.255.255 0 0
static (academic,outside) 10.75.32.23 172.16.102.5 netmask 255.255.255.255 0 0
static (academic,outside) 10.75.32.24 172.16.102.6 netmask 255.255.255.255 0 0
static (academic,outside) 10.75.32.25 172.16.102.8 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group acl_acad in interface academic
route outside 0.0.0.0 0.0.0.0 10.75.32.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
snmp-server host outside 172.31.10.153
snmp-server host outside 172.31.10.154
snmp-server host outside 172.31.10.155
no snmp-server location
no snmp-server contact
snmp-server community CPQ_HHS
no snmp-server enable traps
floodguard enable
telnet 172.30.31.0 255.255.255.0 academic
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 120
Cryptochecksum:hi2u
: end
PIX515#
