Question : Problem: Cisco Pix 501 Troubleshooting

I'm a CISCO novice trying to troubleshoot a PIX 501.  For some reason it is suddenly not allowing incoming connections from the internet into the office.   I have users that are not able to remote desktop in on port 3389, and a webserver that is no long accessible.  

Is there some kind of security feature that will automatically block incoming connections?  Is this router on it's way out?  see attached code:
Code Snippet: 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password W02GSebFJ.M9uu5C encrypted
passwd W02GSebFJ.M9uu5C encrypted
hostname Corsi
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list inside_outbound_nat0_acl permit ip 10.244.39.0 255.255.255.0 10.202.82.0 255.255.255.0
access-list 135 permit ip 10.244.39.0 255.255.255.0 10.242.55.0 255.255.255.0
access-list outside_cryptomap_60 permit ip 10.244.39.0 255.255.255.0 10.202.82.0 255.255.255.0
access-list inside_access_in permit ip any any
access-list 110 permit tcp any host **WAN IP** eq https
access-list 110 permit tcp any host **WAN IP** eq 10443
access-list 110 permit tcp any host **WAN IP** eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside **WAN IP** 255.255.255.224
ip address inside 10.244.39.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.242.55.0 255.255.255.255 inside
pdm location 10.242.55.0 255.255.255.0 outside
pdm location 10.202.82.0 255.255.255.0 outside
pdm location 10.244.39.100 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp **WAN IP** www 10.244.39.100 www netmask 255.255.255.255 0 0
static (inside,outside) tcp **WAN IP** 3389 10.244.39.100 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp **WAN IP** https 10.244.39.100 https netmask 255.255.255.255 0 0
static (inside,outside) tcp **WAN IP** 10443 10.244.39.100 10443 netmask 255.255.255.255 0 0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 **WAN IP** 1
timeout xlate 3:00:00
timeout conn 48:00:00 half-closed 48:00:00 udp 1:30:00 rpc 1:30:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set VPNTranSet esp-3des esp-md5-hmac
crypto map VPNMap 40 ipsec-isakmp
crypto map VPNMap 40 match address 135
crypto map VPNMap 40 set peer 66.210.125.146
crypto map VPNMap 40 set transform-set VPNTranSet
crypto map VPNMap 60 ipsec-isakmp
crypto map VPNMap 60 match address outside_cryptomap_60
crypto map VPNMap 60 set peer 68.15.38.199
crypto map VPNMap 60 set transform-set VPNTranSet
crypto map VPNMap interface outside
isakmp enable outside
isakmp key ******** address **VPN IP** netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address **VPN IP** netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside
telnet 10.244.39.0 255.255.255.0 inside
telnet 10.242.55.0 255.255.255.255 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh timeout 5
management-access inside
console timeout 0
dhcpd address 10.244.39.100-10.244.39.129 inside
dhcpd dns 68.9.16.30 68.13.16.30
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
Cryptochecksum:92f5e2e4311bf93eec9a736f2612c323
: end
Corsi#
Open in New Window Select All

Answer : Problem: Cisco Pix 501 Troubleshooting

I don't see an access list applied for the outside interface, which means that all inbound traffic will be denied by default.

access-group 110 in interface outside
Random Solutions  
 
programming4us programming4us