Hi guys,
I'm not sure what's going on with my PIX. I followed a step-by-step procedure to get my PIX up and running. Unfortunately it's not up and running. My host on the inside of the network cannot access the outside network. Can you check out my config and let me know what I'm doing wrong?
Thanks!!
: NOTE(review): this is a pasted running-config, so the enable/passwd hashes below are the
: real ones from the box. Redact them before posting a config and change both passwords
: after this post.
PIX Version 7.2(2)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
: Outside (security 0): 192.168.32.0/24, default gateway 192.168.32.1 (see the route below).
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.32.2 255.255.255.0
!
: Inside (security 100). 172.168.0.0/16 is NOT RFC 1918 private space (that block is
: 172.16.0.0/12, i.e. 172.16.x-172.31.x); 172.168.x.x is publicly routable and looks like a
: typo for 172.16.1.1. Outbound PAT hides it, but any real Internet host inside 172.168.0.0/16
: becomes unreachable from the LAN. Not the cause of the reported problem, but worth fixing.
interface Ethernet1
nameif inside
security-level 100
ip address 172.168.1.1 255.255.0.0
!
: DMZ (security 50): hosts the web server translated by the static below.
interface Ethernet2
nameif DMZ
security-level 50
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
: Once an ACL is applied inbound on "inside" (access-group below), the default
: high-to-low-security permit is replaced by this list plus an implicit deny. Only TCP
: 80/21/443 is allowed, so DNS (udp/53) and ICMP from inside hosts are dropped. Unless name
: resolution is served on the inside LAN this is the most likely reason outside hosts "can't
: be reached" (IP-based connections would still work). Confirm with "show access-list
: acl_inside" hit counts and "show logging", then add what is actually needed, e.g.
:   access-list acl_inside extended permit udp 172.168.0.0 255.255.0.0 host <dns-server-ip> eq domain
: (<dns-server-ip> is a placeholder for your resolver). Keep the list tight rather than
: permitting "ip any any".
access-list acl_inside extended permit tcp 172.168.0.0 255.255.0.0 any eq www
access-list acl_inside extended permit tcp 172.168.0.0 255.255.0.0 any eq ftp
access-list acl_inside extended permit tcp 172.168.0.0 255.255.0.0 any eq https
: Inbound from the Internet: only 80/443 to the DMZ web server's public address
: (static below); everything else is implicitly denied, which is the intended posture.
access-list acl_outside extended permit tcp any host 192.168.32.10 eq www
access-list acl_outside extended permit tcp any host 192.168.32.10 eq https
pager lines 24
mtu DMZ 1500
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
: Dynamic PAT: all inside hosts leave as 192.168.32.254. The address is on the outside
: subnet, so the PIX answers ARP for it and the upstream 192.168.32.1 can reach it.
: No nat/global pair exists for the DMZ; with nat-control at its 7.x default (off, presumably)
: DMZ hosts would leave with their 192.168.100.x source, which upstream cannot route back
: -- add a nat (DMZ) entry if the DMZ must initiate outbound connections.
global (outside) 1 192.168.32.254 netmask 255.255.255.0
nat (inside) 1 172.168.0.0 255.255.0.0
: One-to-one static for the DMZ web server; only the two acl_outside lines above reach it.
static (DMZ,outside) 192.168.32.10 192.168.100.10 netmask 255.255.255.255
access-group acl_outside in interface outside
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.32.1 1
: This static route points at the PIX's own inside address and is narrower than the
: connected 172.168.0.0/16 route, so it serves no purpose. Unlikely to be the cause of the
: problem, but it can be removed:
:   no route inside 172.168.0.0 255.255.255.0 172.168.1.1 1
route inside 172.168.0.0 255.255.255.0 172.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
: Traps are enabled but no "snmp-server host" line appears, so nothing is actually sent.
snmp-server enable traps snmp authentication linkup linkdown coldstart
: No "telnet <host>" / "ssh <host>" permit lines and no aaa/local users, so management is
: console-only. If remote management is added, use ssh restricted to a management host/subnet.
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
: Default inspection set; "inspect ftp" is what lets the ftp permit above work with active
: data channels.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:21ba6b5e6f1e1fd4255cb04bfee2de43
: end
[OK]
pixfirewall#
I'm not sure what's going on with my PIX. I followed a step-by-step procedure to get my PIX up and running. Unfortunately it's not up and running. My host on the inside of the network cannot access the outside network. Can you check out my config and let me know what I'm doing wrong?
Thanks!!
: NOTE(review): this is a pasted running-config, so the enable/passwd hashes below are the
: real ones from the box. Redact them before posting a config and change both passwords
: after this post.
PIX Version 7.2(2)
!
hostname pixfirewall
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
: Outside (security 0): 192.168.32.0/24, default gateway 192.168.32.1 (see the route below).
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.32.2 255.255.255.0
!
: Inside (security 100). 172.168.0.0/16 is NOT RFC 1918 private space (that block is
: 172.16.0.0/12, i.e. 172.16.x-172.31.x); 172.168.x.x is publicly routable and looks like a
: typo for 172.16.1.1. Outbound PAT hides it, but any real Internet host inside 172.168.0.0/16
: becomes unreachable from the LAN. Not the cause of the reported problem, but worth fixing.
interface Ethernet1
nameif inside
security-level 100
ip address 172.168.1.1 255.255.0.0
!
: DMZ (security 50): hosts the web server translated by the static below.
interface Ethernet2
nameif DMZ
security-level 50
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
: Once an ACL is applied inbound on "inside" (access-group below), the default
: high-to-low-security permit is replaced by this list plus an implicit deny. Only TCP
: 80/21/443 is allowed, so DNS (udp/53) and ICMP from inside hosts are dropped. Unless name
: resolution is served on the inside LAN this is the most likely reason outside hosts "can't
: be reached" (IP-based connections would still work). Confirm with "show access-list
: acl_inside" hit counts and "show logging", then add what is actually needed, e.g.
:   access-list acl_inside extended permit udp 172.168.0.0 255.255.0.0 host <dns-server-ip> eq domain
: (<dns-server-ip> is a placeholder for your resolver). Keep the list tight rather than
: permitting "ip any any".
access-list acl_inside extended permit tcp 172.168.0.0 255.255.0.0 any eq www
access-list acl_inside extended permit tcp 172.168.0.0 255.255.0.0 any eq ftp
access-list acl_inside extended permit tcp 172.168.0.0 255.255.0.0 any eq https
: Inbound from the Internet: only 80/443 to the DMZ web server's public address
: (static below); everything else is implicitly denied, which is the intended posture.
access-list acl_outside extended permit tcp any host 192.168.32.10 eq www
access-list acl_outside extended permit tcp any host 192.168.32.10 eq https
pager lines 24
mtu DMZ 1500
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
: Dynamic PAT: all inside hosts leave as 192.168.32.254. The address is on the outside
: subnet, so the PIX answers ARP for it and the upstream 192.168.32.1 can reach it.
: No nat/global pair exists for the DMZ; with nat-control at its 7.x default (off, presumably)
: DMZ hosts would leave with their 192.168.100.x source, which upstream cannot route back
: -- add a nat (DMZ) entry if the DMZ must initiate outbound connections.
global (outside) 1 192.168.32.254 netmask 255.255.255.0
nat (inside) 1 172.168.0.0 255.255.0.0
: One-to-one static for the DMZ web server; only the two acl_outside lines above reach it.
static (DMZ,outside) 192.168.32.10 192.168.100.10 netmask 255.255.255.255
access-group acl_outside in interface outside
access-group acl_inside in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.32.1 1
: This static route points at the PIX's own inside address and is narrower than the
: connected 172.168.0.0/16 route, so it serves no purpose. Unlikely to be the cause of the
: problem, but it can be removed:
:   no route inside 172.168.0.0 255.255.255.0 172.168.1.1 1
route inside 172.168.0.0 255.255.255.0 172.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
: Traps are enabled but no "snmp-server host" line appears, so nothing is actually sent.
snmp-server enable traps snmp authentication linkup linkdown coldstart
: No "telnet <host>" / "ssh <host>" permit lines and no aaa/local users, so management is
: console-only. If remote management is added, use ssh restricted to a management host/subnet.
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
: Default inspection set; "inspect ftp" is what lets the ftp permit above work with active
: data channels.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:21ba6b5e6f1e1fd4255cb04bfee2de43
: end
[OK]
pixfirewall#