New Pix 506e user

chili20

IS-IT--Management
Jun 12, 2003
3
CA
Greetings, I'm new to Tek-Tips and new to the PIX 506e. I'm having a problem with getting traffic from behind the PIX outside to the public. I've read quite a few strings regarding this same problem and have tried tips that have worked for other users, but they have not worked for me. This is the bare-bones config of my PIX - initial setup done via HyperTerminal to assign inside IP addresses. Used PDM to enable the outside interface and assign its IP address. I've tried (what I think is) everything aside from firmware upgrades (desperate or what?).

Thanks in advance!

pix(config)# sho config
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
domain-name test.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 66.146.138.11 255.255.255.248
ip address inside 192.168.9.199 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 192.168.9.0-192.168.9.255 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 66.146.138.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.9.17 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
 
Try this...

no global (outside) 1 192.168.9.0-192.168.9.255 netmask 255.255.255.0
global (outside) 1 interface
 
Thanks for the response. I've tried your changes - still no go. I forgot to mention in my first message that I am able to ping public addresses from the outside interface of the PIX, but not from the inside interface or from a workstation behind the PIX. I made sure to verify that the IP address, subnet mask and DG are correct for the workstation.

Workstation IP: 192.168.9.17
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.9.199

Here's the updated config:

pix(config)# sho config
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
domain-name test.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 66.146.138.11 255.255.255.248
ip address inside 192.168.9.199 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 66.146.138.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.9.17 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:2c70c37bb498bb92a711b0e19832bd0d
 
You won't be able to ping through the PIX unless you allow it, i.e.:

access-list 101 permit icmp any any
access-group 101 in interface outside
 
Thanks baddos, you got me going. Much appreciated.
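
Added example, not part of the thread or any poster's code: a small Python check over PIX 6.x style config text that flags the two problems the thread worked through (a global pool drawn from the inside network, and no ICMP permit bound inbound on the outside interface), plus the default SNMP community string visible in the posted config. The `audit` helper and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the first config posted in the thread.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 66.146.138.11 255.255.255.248
ip address inside 192.168.9.199 255.255.255.0
global (outside) 1 192.168.9.0-192.168.9.255 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
snmp-server community public
"""

def audit(config):
    """Return findings for a PIX 6.x style config (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines()]
    nets, levels, icmp_acls, bound, findings = {}, {}, set(), {}, []
    for l in lines:
        if m := re.match(r"nameif \S+ (\S+) security(\d+)$", l):
            levels[m[1]] = int(m[2])
        elif m := re.match(r"ip address (\S+) (\S+) (\S+)$", l):
            nets[m[1]] = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
        elif m := re.match(r"access-list (\S+) permit icmp ", l):
            icmp_acls.add(m[1])
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", l):
            bound[m[2]] = m[1]
    for l in lines:
        # A translation pool must not reuse addresses of another interface's network.
        m = re.match(r"global \((\S+)\) \d+ (\S+)", l)
        if m and m[2] != "interface":
            ends = [ipaddress.ip_address(a) for a in m[2].split("-")]
            for name, net in nets.items():
                if name != m[1] and any(a in net for a in ends):
                    findings.append(f"global pool {m[2]} on {m[1]} overlaps {name} network {net}")
        if l == "snmp-server community public":
            findings.append("snmp-server community is the default 'public'")
    # ICMP replies arriving on the lowest-security interface need an explicit permit.
    if levels:
        low = min(levels, key=levels.get)
        if bound.get(low) not in icmp_acls:
            findings.append(f"no ICMP permit bound inbound on {low}: ping replies are dropped")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```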

 