急,pix515E出问题了,请大家帮帮我

zhaoyingfei

我这的环境是这样的,我有几台托管服务器,使用内网IP  192.168.0.22,192.168.0.23,192.168.0.24,通过PIX515E映射成公网IP200.200.80.22 , 200.200.80.23 , 200.200.80.24 为外部提供WEB服务,同时为了控制方便,所以我使用了远程桌面进行远程控制,但是经常出现不定时的外网无法通过远程桌面连入2200.200.80.22服务器现像. 但我可以先远程登录到200.200.80.23或200.200.80.24,然后再通过内网登录到192.168.0.22上, 192.168.0.22可以连接到防火墙和其他的内网机器.如果重新启动一下服务器192.168.0.22这种现像就消失了,也就是可以从外网通过IP 200.200.83.22进行远程登录了.
       这个问题查了好多地方都没有头绪,所以请大家帮帮忙,谢谢!

zhaoyingfei

pixfirewall# sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside securit
nameif ethernet1 inside security
enable password 8Ry2YsSy6ERRXU24
passwd HVaWv5k1yRto9NEl encrypte
hostname pixfirewall
fixup protocol dns maximum-lengt
no fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-171
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol snmp 161
fixup protocol snmp 162
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl-in permit tcp 192.168.1.0 255.255.255.0 host 200.200.80.25
access-list acl-in permit tcp host 210.192.87.32 host 200.200.80.25
access-list acl-in permit tcp host 210.192.87.32 host 200.200.80.25
access-list acl-in deny tcp any host 200.200.80.25
access-list acl-in permit udp host 210.192.87.32 any
access-list acl-in permit udp host 210.192.87.32 any
access-list acl-in permit tcp any any
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 200.200.80.26 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) 200.200.80.22 192.168.1.22 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.80.22 192.168.1.23 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.80.22 192.168.1.24 netmask 255.255.255.255 0 0
static (inside,outside) 200.200.80.22 192.168.1.25 netmask 255.255.255.255 0 0

access-group acl-in in interface outside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 200.200.80.252 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local

snmp-server location top
snmp-server contact zhanbo
snmp-server community asdfghjk
snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside

telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:8b2b1we2c16d3321cf5b3d372f58784b
: end
pixfirewall#

xliu

看看你的那个200.200.83.22的服务器吧，pix的配置没有什么问题，或者吧200.200.83.23的网口和200.200.83.22的网口交换一下，看看是不是还有这样的问题

coday

当不能进行远程桌面的时候，请查看一下PIX上对应此服务器的连接情况