Cisco Pix does not let traffic pass from outside to inside even though ACL permits

Posted by Rickard on Server Fault See other posts from Server Fault or by Rickard
Published on 2012-12-13T22:16:29Z Indexed on 2012/12/13 23:05 UTC
Read the original article Hit count: 387

Filed under:

cisco-pix

I have tried to make my pix 515 allow traffic from outisde interface to inside, but despite permitting ACL's, it doesn't seem to let traffic through. (It is letting traffic out as it should though)

I am have tried both of the following:

access-list acl_in extended permit tcp any host 10.131.73.2 eq www

and

access-list acl_in extended permit ip any any

None of them help, but I can access 10.131.73.2 from any host on the inside network. This is a one single host on the inside that should every now and then have an HTTP server running for development purpouses, so it doesn't need to reside on DMZ (and as far as I know, I can't place it on DMZ either as it's in the same subnet as the other ip's I have.

Could I have missed anything? I am using PIX Version 8.0(4)

My current running config looks like this: http://pastebin.com/TvRFyDrF

Hope someone can help me get this working.

Related posts about cisco-pix

Cisco PIX 515 internet connection

as seen on Server Fault - Search for 'Server Fault'
We have a ASDL modem connected to a Cisco PIX 515 to a switch. We have managed to get the PIX setup with ethernet1 (inside) with our IP range 192.168.5.1-192.168.5.254 and the internal network is working fine. We are having difficulty getting a connection from the PIX through the router on ethernet0… >>> More
Cisco Pix 501 - reaching local host limit, showing odd IP addresses

as seen on Server Fault - Search for 'Server Fault'
I am running out of licenses on my Pix 501, and the show local-host command lists a number of odd IP addresses that do not belong to my 10.10.1.* subnet. Any idea what they are? The only thing I could find was a potential ISP: DINSA is Defence Interoperable Network Services Authority, an agency of… >>> More
Cisco pix command - whats this command mean?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Anyone know what the following means? I have these two lines in our cisco PIX configuration file but have no references to these IP's anywhere else in the config and cant find a device on the network with them. global (inet) 10 213.228.xxx.xx global (inet) 20 213.228.xxx.xx thanks, Jason (BTW:… >>> More
Cisco PIX to Juniper Netscreen Policy-based VPN fails Phase 2 Proposal

as seen on Server Fault - Search for 'Server Fault'
I've followed the instructions to configure a VPN between a netscreen device and a Cisco PIX as directed by Cisco's [netscreen to PIX VPN]http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml article. The only differences are that I'm running PIX 6.3(5)… >>> More
Un-failing over a Cisco PIX 515e

as seen on Server Fault - Search for 'Server Fault'
We had a power outage at our data center last week and when our dual PIX 515E running IOS 7.0(8) (configured with a failover cable) came back, they were in a failed over state where the Secondary unit is active and the Primary unit is standby I have tried 'failover reset', 'failover active', and… >>> More

Developer IT