Tom, I am seeing the following:
configure terminal access-list 101 permit tcp any host x.x.17.34 eq ftp access-list 101 permit tcp any host x.x.17.34 eq www access-list 101 permit tcp any host x.x.17.34 eq smtp !PAT for extenal web access global (outside) 1 x.x.17.34 nat (inside) 1 192.168.0.0 255.255.0.0 0 0 !Port redirection for email, ftp, web server static (inside,outside) tcp x.x.17.34 ftp 192.168.x.x ftp netmask 255.255.255.255 0 0 static (inside,outside) tcp x.x.17.34 www 192.168.x.x www netmask 255.255.255.255 0 0 static (inside,outside) tcp x.x.17.34 smtp 192.168.x.x smtp netmask 255.255.255.255 0 0 !allow external access to email, ftp, web server access-group 101 in interface outside exit Is this similar to what you have? Are you seeing anything in the Xlate table indicating that the internal users are at least getting a xlate on the PIX? I am more familiar with conduit statements, but the ACL's are the same. I think I would take this back to PAT if there are still issues. Prove PAT then add statements to see what is killing the connections. Les -----Original Message----- From: Tom Nielsen [mailto:[EMAIL PROTECTED]] Sent: Sun 9/22/2002 12:11 AM To: [EMAIL PROTECTED] Cc: Subject: RE: PIX Question [7:53832] I saw that in my search for the answer. When I try to implement it, the only device that is able to get on the internet is the device hosting the website/email. All other workstation could resolve the internet websites but could not browse. Tom &i=53841&t=53832 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53843&t=53832 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
