From: Annu (annu_roopa@xxxxxxxxx)
Date: Wed Aug 22 2001 - 18:22:39 GMT-3
Bravo,
Looks like a couple of things are missing:
1. For ur ICMP instead of Access-list try the "conduit
permit icmp any any". I am using it and works with 6.0
with PIX 535. The access-list looks correct but did
not work for me.
2. Where is the Nat(inside) 1 statement for natting ?
3. Just the access-list are not sufficient for
allowing Web traffic inside...u have to give and open
conduits with the "Conduit" statements....
4. access-list 100 permit tcp any host 21.23.219.2 eq
www WONT WORK as i know without conduit ?
Couple of thoughts/Questions:
1. When u ping from inside to outside what does ur
traffic counter show ? is it ther ?
2.since u are using 515 the correct interfaces should
be inside outside ? with security values (hi.low etc).
3. There need not be route inside statement as there
is no router on inside but try pointing to ur Web
server with "route inside" .Also what is the Def
gateway on Web server ?
U can try contacting me offline ,so that it does not
clutter the group.Hope it helps.Let me know what u
find. Can u send me the configs if its ok ?
Bye
Annu
=====
Thanks in advance for ur time and replies.
Annu.
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:56 GMT-3