I set up my lab and am testing the PIX connection.
I am trying to ping the outside network in my lab. The outside router is 192.168.224.1.
I can use the ping command from the PIX console and get a reply, but if I try "ping inside 192.168.224.1" there is no response.
Did I make a mistake in my PIX configuration?
My configuration is as follows.
access-list acl_outside permit udp host 172.19.19.194 host 172.20.20.36 eq isakmp
access-list acl_outside permit tcp host 172.19.19.194 host 172.20.20.36 eq pptp
access-list acl_outside permit tcp any host 172.20.20.38 eq www
access-list acl_outside permit icmp any any echo-reply
access-list acl_inside permit tcp host 192.168.50.100 any
access-list acl_inside permit tcp host 192.168.50.10 any
access-list acl_inside permit ip any any
access-list acl_inside permit tcp interface inside any
pager lines 24
logging on
logging timestamp
logging buffered informational
logging history critical
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu VPN 1500
mtu intf4 1500
mtu stateful-failover 1500
ip address outside 172.20.20.35 255.255.255.240
ip address inside 192.168.50.1 255.255.255.0
no ip address intf2
ip address VPN 192.168.222.1 255.255.255.0
no ip address intf4
no ip address stateful-failover
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
no failover ip address VPN
no failover ip address intf4
no failover ip address stateful-failover
pdm location 192.168.50.0 255.255.255.0 inside
pdm location 192.168.222.100 255.255.255.255 VPN
pdm location 192.168.224.0 255.255.255.128 outside
pdm history enable
arp timeout 900
global (outside) 1 172.20.20.34
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,VPN) 192.168.222.100 192.168.222.100 netmask 255.255.255.255 0 0
static (inside,outside) 172.20.20.38 192.168.50.100 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 172.20.20.33 1
route outside 172.16.1.0 255.255.255.0 172.20.20.33 1
route outside 192.168.224.0 255.255.255.128 172.20.20.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.50.10 255.255.255.255 inside
Isaac
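
Added example, not part of the original post: a longest-prefix route lookup over the `ip address` and `route` lines copied from the configuration above, showing which interface each destination resolves to. With these routes 192.168.224.1 sits behind `outside`, so `inside` is not the interface the routing table associates with it. The function names and the 198.51.100.7 test address are illustrative.

```python
import ipaddress

# Lines copied from the configuration posted above.
CONFIG = """\
ip address outside 172.20.20.35 255.255.255.240
ip address inside 192.168.50.1 255.255.255.0
ip address VPN 192.168.222.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 172.20.20.33 1
route outside 172.16.1.0 255.255.255.0 172.20.20.33 1
route outside 192.168.224.0 255.255.255.128 172.20.20.33 1
"""

def parse_routes(config):
    """Return (network, interface, next_hop) for connected and static routes."""
    routes = []
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "address"] and len(f) == 5:
            # Connected network: derive it from the interface address and mask.
            net = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False)
            routes.append((net, f[2], None))
        elif f[:1] == ["route"] and len(f) >= 5:
            # Static route: route <if_name> <network> <mask> <gateway> [metric]
            net = ipaddress.ip_network(f"{f[2]}/{f[3]}")
            routes.append((net, f[1], f[4]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; returns (interface, next_hop, network) or None."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    net, ifname, hop = max(hits, key=lambda r: r[0].prefixlen)
    return ifname, hop, str(net)

def reachable_via(routes, ifname, dest):
    """True if the routing table places dest behind the named interface."""
    hit = lookup(routes, dest)
    return hit is not None and hit[0] == ifname

ROUTES = parse_routes(CONFIG)

if __name__ == "__main__":
    # 198.51.100.7 is a constructed documentation address for the default route.
    for dest in ("192.168.224.1", "192.168.50.100", "198.51.100.7"):
        print(dest, "->", lookup(ROUTES, dest))
```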