
Pix Firewall 520 ver 4.3 cant get outbound connection

Status
Not open for further replies.

jelway
Mar 20, 2002
Hello, I am very new to Cisco and PIX firewalls. I just configured the firewall and I can ping everything in the network through the firewall, but I can't through DOS or get the web. Here's a copy of my config. Thank you


PIX Version 4.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password encrypted
passwd encrypted
hostname badfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
names
pager lines 24
logging timestamp
no logging console
logging monitor debugging
logging buffered debugging
logging trap debugging
logging facility 7
interface ethernet0 auto
interface ethernet1 auto
ip address outside 65.x.x.x 255.0.0.0
ip address inside 65.x.x.x 255.0.0.0
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
outbound 1 permit 0.0.0.0 0.0.0.0 0 tcp
apply (inside) 1 outgoing_dest
rip outside passive
no rip outside default
no rip inside passive
rip inside default
route outside 65.x.x.0 255.255.255.0 65.x.x.x 1
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet timeout 5
mtu outside 1500
mtu inside 1500
floodguard 0
fragguard
sysopt security fragguard
 
Hi.

* The inside and outside interfaces should not be in the same subnet:
ip address outside 65.x.x.x 255.0.0.0
ip address inside 65.x.x.x 255.0.0.0

* Do not use outbound or apply until you get the outbound connections working. Then add the limitations you want:
outbound 1 permit 0.0.0.0 0.0.0.0 0 tcp
apply (inside) 1 outgoing_dest

* You will need a default route (gateway); the existing route command is not enough:
route outside 65.x.x.0 255.255.255.0 65.x.x.x

* You will need a "global" command.


You can use samples and documentation from the Cisco web site:

And you can use pixcript.
Please note that many of the options there are not compatible with your old version, but for the basic configuration it can help:

Bye
Yizhar Hurwitz
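An added example, not part of either post: a small Python check that reads a PIX 4.x config in the form posted above and flags the four problems the reply lists (inside and outside on one subnet, outbound/apply left in, a nat id with no global pool, no default route). The addresses in both sample configs are constructed, since the poster masked his as 65.x.x.x, and the `global (outside) <id> ...` and `route outside 0.0.0.0 0.0.0.0 <gateway> 1` forms are assumed PIX syntax for the fixes the reply describes.

```python
import ipaddress

# Constructed sample mirroring the posted PIX 4.3 config. The poster masked his
# addresses as 65.x.x.x; the concrete values below are made up for the demo.
WEAK_CONFIG = """\
ip address outside 65.0.0.1 255.0.0.0
ip address inside 65.0.0.2 255.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
outbound 1 permit 0.0.0.0 0.0.0.0 0 tcp
apply (inside) 1 outgoing_dest
route outside 65.0.1.0 255.255.255.0 65.0.0.254 1
"""

# The same config with the reply's fixes applied (addresses again constructed).
FIXED_CONFIG = """\
ip address outside 65.0.1.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 65.0.1.10-65.0.1.20 netmask 255.255.255.0
route outside 0.0.0.0 0.0.0.0 65.0.1.254 1
"""

def lint_pix_config(text):
    """Return the list of problems the reply raises, empty when none are found."""
    findings, ifaces, nat_ids, global_ids, default_route = [], {}, set(), set(), False
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:2] == ["ip", "address"] and len(w) >= 5:
            ifaces[w[2]] = ipaddress.IPv4Network(f"{w[3]}/{w[4]}", strict=False)
        elif w[0] == "nat" and len(w) >= 3:
            nat_ids.add(w[2])           # every nat id needs a global id to translate to
        elif w[0] == "global" and len(w) >= 3:
            global_ids.add(w[2])
        elif w[0] == "route" and len(w) >= 4 and w[2:4] == ["0.0.0.0", "0.0.0.0"]:
            default_route = True
        elif w[0] in ("outbound", "apply"):
            findings.append(f"remove '{w[0]}' until outbound traffic works: {line}")
    inside, outside = ifaces.get("inside"), ifaces.get("outside")
    if inside is not None and outside is not None and inside.overlaps(outside):
        findings.append(f"inside {inside} and outside {outside} share a subnet")
    for nat_id in sorted(nat_ids - global_ids):
        findings.append(f"nat id {nat_id} has no matching 'global (outside) {nat_id}' pool")
    if not default_route:
        findings.append("no default route ('route outside 0.0.0.0 0.0.0.0 <gateway> 1')")
    return findings
```

Running `lint_pix_config(WEAK_CONFIG)` reports all four problems in the order the reply gives them; the fixed config reports none.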
 