I have only worked with PIX on one

Status
Not open for further replies.
Oct 27, 2002
64
US
I have only worked with PIX on one occasion, but work with IOS every day. A client is complaining that he is unable to connect to certain devices on a 10.11.88.x network. He is able to connect to 10.11.88.2,3,4,5,6..so on, but not to 10.11.88.79 and 81. I did not configure the PIX nor anything on the network beyond 2 router installs. I know the PIX is denying the traffic to these addresses. I need to know the statement that will allow all traffic from the 10.11.88.x network to flow to the 192.168.40.2 network.

Also, I need to have the PIX NAT inbound traffic from the 215.x.x.x network. Since I don't know PIX well, I'm sure this isn't enough information. The only addresses from this network (215) that I do not need NAT'd are .133 and .137.
Any help would be greatly appreciated.

brian
 
Hi!

To allow traffic through the PIX you need access-lists, e.g.:

access-list NAME permit/deny PROTOCOL SOURCE NETMASK DESTINATION NETMASK

Then you have to bind the access-lists to the interface with access-groups, e.g.: access-group ACCESS-LIST-NAME in interface INTERFACENAME

For example, when you want to allow TCP traffic from inside out, then you need

access-list inside permit tcp xxx.xxx.xxx.xxx xxx.xxx.xxx.xx .....

access-group inside in interface inside

For NATting you first need a nat command such as: nat (inside) 1 IP-ADDRESS/RANGE

"1" is the ID of the nat command

and then a global command: global (outside) 1 OUTSIDE-ADDRESS/RANGE

Hope that helps
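
An added example, not part of the thread and not Cisco code: a small Python evaluator for PIX-style access-list lines that shows, on a constructed ACL, how some 10.11.88.x hosts can match a permit entry while .79 and .81 fall through to the implicit deny. The ACL contents, netmasks, and the idea that a too-narrow netmask is involved are assumptions; the poster's real configuration is not on the page.

```python
import ipaddress

# Constructed sample, NOT the poster's configuration. The first permit uses a
# 255.255.255.192 netmask, so only sources 10.11.88.0-63 match it.
SAMPLE_ACL = """\
access-list inside permit ip 10.11.88.0 255.255.255.192 192.168.40.0 255.255.255.0
access-list inside permit tcp host 10.11.88.81 192.168.40.0 255.255.255.0
"""

def _take_net(tokens):
    """Consume 'any', 'host ADDR' or 'ADDR NETMASK' and return an IPv4 network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse_acl(text, name):
    """Parse entries of one named ACL; port operators after the nets are ignored."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[1] != name:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        rules.append((action, proto, _take_net(rest), _take_net(rest), line))
    return rules

def evaluate(rules, proto, src, dst):
    """First matching entry wins; no match means the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, snet, dnet, line in rules:
        if rproto in ("ip", proto) and s in snet and d in dnet:
            return action, line
    return "deny", "(implicit deny: no entry matched)"

def audit(hosts, dst="192.168.40.2", proto="icmp"):
    """Return {host: verdict} for each source host against the sample ACL."""
    rules = parse_acl(SAMPLE_ACL, "inside")
    return {h: evaluate(rules, proto, h, dst)[0] for h in hosts}

if __name__ == "__main__":
    hosts = ["10.11.88.2", "10.11.88.6", "10.11.88.79", "10.11.88.81"]
    for host, verdict in audit(hosts).items():
        print(host, verdict)
```

Running the same check against the access-list lines copied from the firewall's own configuration shows which entry, if any, each affected host matches.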

 