R--FW--DMZ | Inside | Proxy One proxy is connected to the inside switch connecting to the FW, but internal users are slow to the outside,but the DMZ users are good.why? I think something wrong with the proxy configuration! The config is follwing:
sh conf : Saved : PIX Version 6.0(1) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 nameif ethernet3 intf3 security15 nameif ethernet4 intf4 security20 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names access-list 101 permit tcp any host 202.99.33.66 eq domain access-list 101 permit udp any host 202.99.33.66 eq domain access-list 101 permit tcp any host 202.99.33.67 eq domain access-list 101 permit udp any host 202.99.33.67 eq domain access-list 101 permit tcp any host 202.99.33.69 eq smtp pager lines 24 interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto interface ethernet3 auto shutdown interface ethernet4 auto shutdown mtu outside 1500 mtu inside 1500 mtu dmz 1500 mtu intf3 1500 mtu intf4 1500 ip address outside 202.99.34.26 255.255.255.248 ip address inside 192.168.4.1 255.255.255.0 ip address dmz 202.99.33.254 255.255.255.0 ip address intf3 127.0.0.1 255.255.255.255 ip address intf4 127.0.0.1 255.255.255.255 ip audit info action alarm ip audit attack action alarm no failover failover timeout 0:00:00 failover poll 15 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 failover ip address dmz 0.0.0.0 failover ip address intf3 0.0.0.0 failover ip address intf4 0.0.0.0 pdm history enable arp timeout 14400 global (outside) 1 202.99.33.253 netmask 255.255.255.0 global (dmz) 1 202.99.33.73 netmask 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 0 202.99.33.0 255.255.255.0 0 0 static (inside,outside) 202.99.33.74 192.168.4.250 netmask 255.255.255.255 0 0 static (inside,dmz) 202.99.33.75 192.168.4.250 netmask 255.255.255.255 0 0 access-group 101 in interface outside route outside 0.0.0.0 0.0.0.0 202.99.34.30 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps no floodguard enable no sysopt route dnat telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:c64047c1918e68b2c5136af635cd2a0d pixfirewall(config)# Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35603&t=35603 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
