Basic PIX config to get to PDM 1

Status
Not open for further replies.

khilari

Technical User
Sep 21, 2005
25
US
This is a brand new PIX 535 config. All I want to do is connect to it via PDM or ASDM. I have IP'ed the interface but can't ping anything from the firewall. Here is what I get when I ping:
Sending 5, 100-byte ICMP Echos to 10.10.1.116, timeout is 2 seconds:
No route to host 10.100.1.116

Success rate is 0 percent (0/1)

I have added routes before... e.g. route inside 0 0 10.10.1.1 1, but it still doesn't work. Can you tell me what is wrong with the config below? Thanks so much.


PIX Version 7.0(2)
names
!
interface GigabitEthernet0
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.10.1.115 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
enable password *************** encrypted
passwd ***************** encrypted
hostname my-dmz
domain-name none.com
ftp mode passive
pager lines 24
mtu inside 1500
no failover
monitor-interface inside
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.10.1.116 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:b4839ccd26870b1004516d74f49e4b11
: end
 
Here is the output of show eth1

sh interface eth1
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 000d.8810.48e9, MTU 1500
IP address unassigned
9012 packets input, 607207 bytes, 0 no buffer
Received 9012 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/5)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Received 9012 VLAN untagged packets, 481039 bytes
Transmitted 0 VLAN untagged packets, 0 bytes
Dropped 4257 VLAN untagged packets
 
Hello
Check your configuration again. The "show int" says "IP address unassigned". I think that's the problem.
Regards
 
I rebooted the PIX and still didn't see the IP assigned to Eth1. Check the following output; I am beginning to think that it is not taking my commands. Any idea what I am doing wrong?

my-dmz(config)# int eth1
my-dmz(config-if)# shutdown
my-dmz(config-if)# show int eth1
Interface Ethernet1 "inside", is administratively down, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 000d.8810.48e9, MTU 1500
IP address unassigned
972 packets input, 70740 bytes, 0 no buffer
Received 972 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/1)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Received 954 VLAN untagged packets, 56121 bytes
Transmitted 0 VLAN untagged packets, 0 bytes
Dropped 504 VLAN untagged packets
my-dmz(config-if)# ip address 10.10.1.115 255.255.255.0
my-dmz(config-if)# no shut
my-dmz(config-if)# sh int eth1
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 000d.8810.48e9, MTU 1500
IP address unassigned
995 packets input, 72486 bytes, 0 no buffer
Received 995 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/1)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Received 956 VLAN untagged packets, 56213 bytes
Transmitted 0 VLAN untagged packets, 0 bytes
Dropped 504 VLAN untagged packets
 
Hello
This is the official way to configure the PIX 7.0 image. Try it and tell me how it goes.

hostname(config)# interface gigabitethernet0/1
hostname(config-if)# speed 1000
hostname(config-if)# duplex full
hostname(config-if)# nameif inside
hostname(config-if)# security-level 100
hostname(config-if)# ip address 10.1.1.1 255.255.255.0
hostname(config-if)# no shutdown

Regards
 
Okay, I did a write erase and started over. Here is my output. Is it safe to assume that there is something wrong with the PIX?

pixfirewall# conf t
pixfirewall(config)# interface Ether
pixfirewall(config)# interface Ethernet 1
pixfirewall(config-if)# speed 100
pixfirewall(config-if)# duplex full
pixfirewall(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
pixfirewall(config-if)# ip address 10.10.1.115 255.255.255.0
pixfirewall(config-if)# no shutdown
pixfirewall(config-if)# exit
pixfirewall(config)# exit
pixfirewall# ping 10.10.1.116
Sending 5, 100-byte ICMP Echos to 10.10.1.116, timeout is 2 seconds:
No route to host 10.10.1.116

Success rate is 0 percent (0/1)
pixfirewall# sh int eth1
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
MAC address 000d.8810.48e9, MTU 1500
IP address unassigned
867 packets input, 65220 bytes, 0 no buffer
Received 867 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/3)
output queue (curr/max blocks): hardware (0/0) software (0/0)
Received 170 VLAN untagged packets, 9329 bytes
Transmitted 0 VLAN untagged packets, 0 bytes
Dropped 73 VLAN untagged packets
pixfirewall#
 
Hello
The problem is strange! I don't think there's a physical problem. Cisco equipment is very robust.
I would try a DHCP address as another test. Do you have a DHCP server in your network?
Regards
 
Minue, thanks for your help. I finally figured it out. This PIX was in standby mode. I issued the "failover" command and it changed mode. After that, I was able to assign the IP to eth1 and things worked as expected.

Thanks,
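
The symptom that runs through this thread, a config that carries `ip address 10.10.1.115` for Ethernet1 while `show interface` keeps reporting `IP address unassigned` with 0 packets output, can be checked mechanically from saved CLI captures. The following Python script is an added example, not code from any poster; its function names are hypothetical and its sample inputs are constructed from the outputs quoted above. A hit is the cue to look at the unit's failover state, which is what resolved the problem here.

```python
import re

# Constructed samples, abridged from the outputs quoted in this thread.
RUNNING_CONFIG = """\
interface Ethernet1
nameif inside
ip address 10.10.1.115 255.255.255.0
!
"""
SHOW_INTERFACE = """\
Interface Ethernet1 "inside", is up, line protocol is up
IP address unassigned
0 packets output, 0 bytes, 0 underruns
"""

def configured_ips(config):
    """Interface name -> IP taken from 'ip address' lines in a saved config."""
    ips, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "!":
            current = None  # end of the interface stanza
        elif current and (m := re.match(r"ip address (\S+) \S+", line)):
            ips[current] = m.group(1)
    return ips

def runtime_state(show_output):
    """Interface name -> {'ip', 'packets_out'} parsed from 'show interface' text."""
    state, current = {}, None
    for line in map(str.strip, show_output.splitlines()):
        if m := re.match(r'Interface (\S+) "', line):
            current = state.setdefault(m.group(1), {"ip": None, "packets_out": None})
        elif current is not None and (m := re.match(r"IP address (\S+)", line)):
            ip = m.group(1).rstrip(",")
            current["ip"] = None if ip == "unassigned" else ip
        elif current is not None and (m := re.match(r"(\d+) packets output", line)):
            current["packets_out"] = int(m.group(1))
    return state

def find_mismatches(config, show_output):
    """(interface, configured_ip, live_ip, packets_out) wherever the two disagree."""
    live = runtime_state(show_output)
    return [(name, ip, live[name]["ip"], live[name]["packets_out"])
            for name, ip in configured_ips(config).items()
            if name in live and live[name]["ip"] != ip]

if __name__ == "__main__":
    print(find_mismatches(RUNNING_CONFIG, SHOW_INTERFACE))
```
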
 