Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

can't ping to outside from pix 515e

Status
Not open for further replies.
cisco99999

cisco99999

IS-IT--Management
Nov 5, 2007
71
US
Hello guys,

I setup my pix 515e with an external ip (static ip ) for ethernet 0, but i still can't ping gmail, google.com or any domains.

Here is the sh int of ethernet 0

===================
pixfirewall# sh interface ethernet 0
Interface Ethernet0 "outside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 0016.4616.0990, MTU 1500
IP address 208.89.23.104, subnet mask 255.255.255.192
184460 packets input, 11892047 bytes, 0 no buffer
Received 182608 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
83 packets output, 5312 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/5)
output queue (curr/max blocks): hardware (0/1) software (0/1)
Received 184493 VLAN untagged packets, 9307484 bytes
Transmitted 83 VLAN untagged packets, 2324 bytes
Dropped 5653 VLAN untagged packets
pixfirewall#
========================

I can ping this ip 208.89.23.123 which is my other file server and same ISP. Any idea? Thanks
 
Sort by date Sort by votes
I mean i can't ping this ip 72.14.253.83 (gmail's ip) but still can ping any ip from this range 208.89.23.xx . Is this normal ? Thanks
 
Upvote 0 Downvote
thanks but still can't ping either

==========
pixfirewall# ping 4.2.2.2
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
No route to host 4.2.2.2

Success rate is 0 percent (0/1)
pixfirewall#
===========




 
Upvote 0 Downvote
As your output indicates, you have no route to 4.2.2.2 .... post a copy of your configuration.
 
Upvote 0 Downvote
HEre is my running-config

===========
pixfirewall# sh running-configrewall#
domain-name default.do
: Savedalid
:
PIX Version 7.0(2)
:
PI
ftp mode
namesve
!
interface Ethernet0es 24
interface Eth
nameif outsideformationalname
security-level 0
mtu outside
ip address 208.89.23.104 255.255.255.1928.202.10
mtu intf2 150092
moni
!r
interface Ethernet1
!
interface Eth
nameif insideterface inside
security-level 100
monitor-interf
ip address 192.168.1.1 255.255.255.0image flash:/asdm-502.bin
!
interface Ethernet2 history enable Eth
shutdown

aaa-serve
mtu intf2 1500col tacacs+tf2
monitor-interface outsider-inte
aaa-server RADIUS
monitor-interface insideor-interface inside

monitor-interface intf2tor-interfac
http 192.1
asdm image flash:/asdm-502.binflash:/asdm-502.bin
asdm history enableocationstory enable
arp timeout 14400p-server contact4
nat-control
n
s
timeout xlate 3:00:00ublic xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icm:00 udp 0:
no sysopt connection
no snmp-server locationclass inspection_defaul
no snmp-server contact
inspect dns maxi
snmp-server community public
inspect
snmp-server enable traps snmp3 h225
i
no sysopt connection permit-ipsec inspect http
in
telnet timeout 5
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:ec7969c712d3cb8b2b78eb0c9c32e5b1
: end
pixfirewall#
===============
 
Upvote 0 Downvote
The previous one is not clear, hope this one look better
=================
pixfirewall# sh running-configt: Ethernet1
: Saved16.4616
:9
PIX Version 7.0(2)
pixfirewall
namesnterf
!e
interface Ethernet0
2: Ext: Ethern
nameif outsideaddress is 000e
security-level 0
pixfirew
ip address 208.89.23.104 255.255.255.192

Licensed features for this platform:
!
interface Ethernet1
Maxim
nameif insideerfaces : 3Inv
security-level 100at '^' m
Maximum VL
ip address 192.168.1.1 255.255.255.0
pixfirewall#
Inside Hosts
!
interface Ethernet2net 0
shutdown
Fa
nameif intf2 :
security-level 4e protocol is up
no ip addressN-DES
!
enable password 2KFQnbNIdI.2KYOU encrypted59, BW 100 M
VPN-3DES-AES :
passwd 2KFQnbNIdI.2KYOU encryptedplex), Auto-S
Cut-through Proxy
hostname pixfirewall
domain-name default.domain.invali

asdm image flash:/asdm-502.binrial Number: 809461756, 0 abor
asdm history enablening Activation Key
arp timeout 1440062e44 0xeff03b50
nat-controlets output,
timeout xlate 3:00:00ns
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:0224 UTC Thu Dec 6 2007ts
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00ed

Logoff

Type help or '?' for a list of available
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
pixfirewall> reloadeue (curr/max block

timeout uauth 0:05:00 absolutealid input detected at '^' mar
aaa-server TACACS+ pro

snmp-server community public77881 801ce02ates
snmp-server enable traps snmp

1950 bytes copied in
no sysopt connection permit-ipsec
Proceed with reload? [co
telnet timeout 5 ping 20
ssh timeout 5l# reload
ssh version 1i
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:ec7969c712d3cb8b2b78eb0c9c32e5b1
: end
pixfirewall#
 
Upvote 0 Downvote
What terminal emulator are you using? I can't make heads or tails out of that.
 
Upvote 0 Downvote
Hi there,

I'm using hyper terminal, here is my sh ver again. it look better after trim all the unnecessary stuff

===========
PIX Version 7.0(2)
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 208.89.23.104 255.255.255.192
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
shutdown
nameif intf2
security-level 4
no ip address
!
===========

Thanks
 
Upvote 0 Downvote
Do you have a default route configured?


route outside 0 0 x.x.x.x


Where x.x.x.x is your default gateway?
 
Upvote 0 Downvote
I did not have default route configure, so i just done it (pixfirewall#route outside 0 0 208.89.23.126). Note: 208.89.23.126 is my default gateway. Now i see this line "route outside 0.0.0.0 0.0.0.0 208.89.23.126 1" in my running-config.

I can ping other IP just fine now, but still can not the domain name (gmail.com or yahoo.com). Last question how do i add dns-server for this outside interface ? The command "dns-server 208.88.88.88" does not work for pix 515e. Thanks alot.
 
Upvote 0 Downvote
Does any one have any ideas why it does work for me ? Did i miss something here ? Thanks.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
967
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
755
Johnkite
Johnkite
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
194
Garbear
Garbear
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
193
Russtoleum
Russtoleum
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
308
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top