pix 515E cannot access www or telnet

Giganews Newsgroups
Subject: pix 515E cannot access www or telnet
Posted by:  Jonathan (jonathan_smit…@hotmail.com)
Date: Fri, 16 Apr 2004

Hi,

I've been battling along last 2 days with my config and the end result is I
can only ping / tracert to machines on the internet.
All hosts on the network run on public ip addresses therefore no natting.

I allow telnet but cannot telnet - or it seems somewhere data is getting
lost and telnet session never establishes. This is what log shows:

Built outbound TCP connection 17 for faddr 196.4.16.227/23 gaddr
66.8.177.x/3901 laddr 66.8.177.x/3901

After a while it shows:
Teardown TCP connection 17 faddr 196.4.16.227/23 gaddr 66.8.177.x/3901
laddr 66.8.177.x/3901duration 02:11 bytes 0 (SYN Timeout)

I have tried adding a route statement on router for 66.8.177.x to the
internal interface of the pix and no difference. I do know the access list
is working because when I remove telnet access for the host 66.8.177.x then
the log shows dropped connection due to access list.

Where can I start looking to debug this, any ideas / recommendations?

Replies