Question : access-lists are not working

I can not figure out why my access-lists are not working.
I think it my be a nat or routing issue but do not know enough about routing to determine.

cisco-pix(config)# sho route
outside 0.0.0.0 0.0.0.0 71.39.227.222 1 OTHER static // What is this line doing? Is this the address that internal comps use for an IP on the internet?
outside 71.39.227.216 255.255.255.248 71.39.227.217 1 CONNECT static // 71.39.227.217 is the outside IP address of the PIX
inside 192.168.4.0 255.255.255.0 192.168.4.1 1 CONNECT static

Is this line translating everything from the outside to a 192.168.4.xxx address?
cisco-pix(config)# sho nat
nat (inside) 1 192.168.4.0 255.255.255.0 0 0

If everything above is correct, shouldn't the opened ports following work?
cisco-pix(config)# show static
static (inside,outside) 71.39.227.218 192.168.4.137 netmask 255.255.255.255 0 0
static (inside,outside) 71.39.227.219 192.168.4.135 netmask 255.255.255.255 0 0
static (inside,outside) 71.39.227.220 192.168.4.132 netmask 255.255.255.255 0 0

cisco-pix(config)# sho access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 256)
alert-interval 300
access-list inbound; 1 elements
access-list inbound line 1 permit icmp any any (hitcnt=0)
access-list outside; 12 elements
access-list outside line 1 permit icmp any any echo-reply (hitcnt=0)
access-list outside line 2 permit tcp any host 71.39.227.218 eq ssh (hitcnt=0)
access-list outside line 3 permit tcp any host 71.39.227.218 eq domain (hitcnt=0)
access-list outside line 4 permit tcp any host 71.39.227.218 eq www (hitcnt=0)
access-list outside line 5 permit icmp any host 71.39.227.218 echo-reply (hitcnt=0)
access-list outside line 6 permit tcp any host 71.39.227.219 eq ssh (hitcnt=0)
access-list outside line 7 permit tcp any host 71.39.227.219 eq domain (hitcnt=0)
access-list outside line 8 permit tcp any host 71.39.227.219 eq www (hitcnt=0)
access-list outside line 9 permit icmp any host 71.39.227.219 echo-reply (hitcnt=0)
access-list outside line 10 permit tcp any host 71.39.227.220 eq 3389 (hitcnt=0)
access-list outside line 11 permit tcp any host 71.39.227.220 eq www (hitcnt=0)
access-list outside line 12 permit icmp any host 71.39.227.220 echo-reply (hitcnt=0)

Answer : access-lists are not working

Add the following command:

access-group outside in interface outside

That will bind the access-list named outside to the PIX outside interface.
After you add that commad, run the following command on the PIX as well.

clear xlate
clear arp

To refresh the PIX session table. Now to test this, be sure that the server 192.168.4.137 is able to browse
the internet from BEHIND the PIX (don't bypass the PIX). If it is not able to go out to the internet, then check if
you can reach the internet from the PIX itself. To check this, just do the following:

ping 71.39.227.222
ping 4.2.2.2

The first one is the default gateway, the 2nd one is an internet IP.

Random Solutions

Socket Error 10049

Admin server manage managed server in different domain

Ampersand in domain name

problelm with JDBC

Need help setting up IP routing to SBS 2003 with Public LAN/WAN

Can you scan documents over a network?

Adding a Win2k3 Server to a single Win2k Server domain - Adprep reports success but no /domainprep entries in AD

DNS configuration for a Windows 2003 SBS domain

linear approximation of lat/long

DirecWay Pro w/dedicated IP ... I want to allow my machine to be a web server.