Joseph Shepherd wrote:
--> Router -> Cisco PIX 501 -> Windows 2003 Standard (192.168.1.3) -> Windows XP (192.168.1.5). Two computers are connected directly to the PIX 501.
Only 192.168.1.3 can access the internet outside, not 192.168.1.5.
I'm a little rusty on the PIX, but don't access lists have an implicit "deny" at the end? If so, wouldn't
access-list outside_access_in permit tcp any host 67.53.24.194 eq smtp
access-list outside_access_in permit tcp any host 67.53.24.194 eq www
access-list outside_access_in permit tcp any host 67.53.24.194 eq domain
access-list outside_access_in permit tcp any host 67.53.24.194 eq ftp
access-list outside_access_in permit tcp any host 67.53.24.194 eq 1812
access-list outside_access_in permit tcp any host 67.53.24.194 eq 1813
access-list outside_access_in permit udp any any eq domain
[ implied: deny ip any any ]
in conjunction with
access-group outside_access_in in interface outside
allow inbound mail, web, DNS, FTP, and RADIUS connections, and bone just about everything else, including the PATed replies coming back in to .5?
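
As an added example (not part of the original post, and not PIX code), here is a small Python model of first-match evaluation with the implied deny, run over the access-list lines quoted above. The PAT address 203.0.113.10, the remote hosts and the connection-table check are assumptions: the model reflects the PIX's stateful handling, where a packet belonging to a connection already opened from the inside is matched against the connection table and is not checked against the outside interface ACL.

```python
# Added illustration: a constructed model, not PIX code or output.
ACL = """\
access-list outside_access_in permit tcp any host 67.53.24.194 eq smtp
access-list outside_access_in permit tcp any host 67.53.24.194 eq www
access-list outside_access_in permit tcp any host 67.53.24.194 eq domain
access-list outside_access_in permit tcp any host 67.53.24.194 eq ftp
access-list outside_access_in permit tcp any host 67.53.24.194 eq 1812
access-list outside_access_in permit tcp any host 67.53.24.194 eq 1813
access-list outside_access_in permit udp any any eq domain
"""
PORTS = {"smtp": 25, "www": 80, "domain": 53, "ftp": 21}

def parse_acl(text):
    """Parse '<action> <proto> any (any | host IP) eq PORT' entries only."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 8 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[5:]  # tok[4] is the source, 'any'
        dst = rest[1] if rest[0] == "host" else None   # None means 'any'
        port = rest[-1]                                 # token after 'eq'
        rules.append((action, proto, dst, PORTS[port] if port in PORTS else int(port)))
    return rules

def acl_verdict(rules, proto, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implied deny."""
    for action, r_proto, r_dst, r_port in rules:
        if r_proto == proto and r_dst in (None, dst_ip) and r_port == dst_port:
            return action
    return "deny"  # implied: deny ip any any

def inbound_verdict(rules, conn_table, pkt):
    """pkt = (proto, src_ip, src_port, dst_ip, dst_port) arriving on the outside."""
    if pkt in conn_table:  # assumption: reply to a flow opened from the inside
        return "permit"
    return acl_verdict(rules, pkt[0], pkt[3], pkt[4])

if __name__ == "__main__":
    rules = parse_acl(ACL)
    # Constructed reply: web server 198.51.100.7:80 -> PAT address 203.0.113.10:40001
    reply = ("tcp", "198.51.100.7", 80, "203.0.113.10", 40001)
    smtp = ("tcp", "192.0.2.9", 3000, "67.53.24.194", 25)  # constructed new connection
    print("new inbound smtp :", inbound_verdict(rules, set(), smtp))
    print("reply, no state  :", inbound_verdict(rules, set(), reply))
    print("reply, with state:", inbound_verdict(rules, {reply}, reply))
```

In this model the ACL alone denies the reply packet, while the same packet is permitted once its flow is in the connection table, so unsolicited inbound traffic is what the implied deny stops.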