Recent content by dchp

Thank you for your assistance. Your responses are appreciated.

Have you done a terminal montitor and a debug? Your inside access list is probably denying port 53, or DNS. Can you access sites by address?

How heavily are those web sites being hit? What is the internet connection bandwidth? 40 users is not that high, unless they are active web surfers. The 515 would give added benefits, such as connectivity to vpn clients(the 506 will do a vpn, but not to concentrator software), and growth...

Would anyone know if there is a setting to automatically log users(or kill them) after a network connection failure? A timeout perhaps?

I am using a static nat here based on the MX record, have mailguard enabled, and am getting mail in and out. This may be your issue. Have you done a static nat to your mail server? That may be why mail is not returning to your server....You only need to allow port 25 in from the outside to this...

NOktar: Is the outbound list parsed by the pix in the same fashion as an access-list? IE would your deny any any need to be at the end?

We deleted the pwl files. The machine is authenticating on the domain properly. It can access all other resources without any difficulty. We have repaired and upgraded IE without effect. Any other ideas?

We have a Windows 98 IE 5.5 sp2 workstation that asks for logon credentials when visiting web pages that contain office documents on our intranet. Other machines with the same config do not. We have tried setting to default, changing security modes on IE, to no avail. User can access pages...

An interesting point, webnetwiz, I am running 25 to an exchange server with mailguard enabled. I have not had any problems. Is this only on specific versions?

Is anyone else able to email this site? Can you do an nslookup on type mx? I had a similar problem, and it turned out to be a dns problem with our isp.

Try access-list luis deny tcp host 192.168.0.70 any eq 80 access-list luis permit ip any any There is an implicit deny at the end of the access list.

No, http will just resolve to port 80. Are you running fixup on port 80? It should be on by default. Basically the pix will not filter at the application level. What you could do is install a proxy, and only allow 80 out from that server.

I notice you are logging to an inside host. You might want to increase that level to a 13 temporarily, and try an nslookup from your workstation. That should tell you if the pix is interfering with the DNS lookup. It is odd that it was working, and is now not with the pix. Have you changed the...

Don't forget your internal users. They can be the most dangerous, and your pix will not be of much help as they are inside your network....

You might want to consider allowing 443 out as well(tcp secure sockets). That way, when someone tries to check their bank account, you will not get a call.