
PIX firewall

Status
Not open for further replies.

avipn234

ISP
Jun 11, 2009
I cannot access the outside network from the inside network. I am posting my configuration; please answer.


Building configuration...

: Saved

:

PIX Version 4.4(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 pix/intf2 security10

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol smtp 25

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol sqlnet 1521

names

pager lines 24

no logging timestamp

no logging console

no logging monitor

no logging buffered

no logging trap

logging facility 20

<--- More --->

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

mtu outside 1500

mtu inside 1500

mtu pix/intf2 1500

ip address outside 192.168.0.1 255.255.255.248

ip address inside 192.168.0.8 255.255.255.252

ip address pix/intf2 127.0.0.1 255.255.255.255

no failover

failover timeout 0:00:00

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

failover ip address pix/intf2 0.0.0.0

arp timeout 14400

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

conduit permit icmp any any

no rip outside passive

no rip outside default

no rip inside passive

no rip inside default

no rip pix/intf2 passive

no rip pix/intf2 default

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

<--- More --->

route inside 0.0.0.0 0.0.0.0 y.y.y.y 1

timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

telnet timeout 5

terminal width 80

Cryptochecksum e5aefe46408a27aeb86ad6e827e2632

: end

[OK]





thanks
avinash
 
I don't see anything that looks out of place, but check your subnetting math, especially ip address inside 192.168.0.8 255.255.255.252 and make sure you're not pointing to invalid IP addresses like broadcast.

Iolair MacWalter
Network Engineer
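
The subnet check suggested in the reply above, worked through as an added example that is not part of the original thread. It reads the `ip address` lines from the posted configuration (embedded as a constructed sample) and reports any interface whose address is the network or broadcast address of its own subnet, or whose subnet overlaps another interface; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the three "ip address" lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip address outside 192.168.0.1 255.255.255.248
ip address inside 192.168.0.8 255.255.255.252
ip address pix/intf2 127.0.0.1 255.255.255.255
"""

IP_LINE = re.compile(r"^ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")

def parse_interfaces(config):
    """Return {interface_name: IPv4Interface} for each 'ip address' line."""
    found = {}
    for line in config.splitlines():
        m = IP_LINE.match(line.strip())
        if m:
            name, addr, mask = m.groups()
            found[name] = ipaddress.IPv4Interface(f"{addr}/{mask}")
    return found

def check_interfaces(config):
    """Return a list of (interface, problem) tuples for unusable addresses."""
    problems = []
    ifaces = parse_interfaces(config)
    for name, iface in ifaces.items():
        net = iface.network
        # /31 and /32 have no separate network/broadcast address to collide with.
        if net.prefixlen >= 31:
            continue
        if iface.ip == net.network_address:
            problems.append((name, f"network address of {net}"))
        elif iface.ip == net.broadcast_address:
            problems.append((name, f"broadcast address of {net}"))
    # Interfaces on overlapping subnets cannot be told apart by the routing table.
    names = list(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append((a, f"subnet overlaps {b}"))
    return problems

if __name__ == "__main__":
    for name, problem in check_interfaces(SAMPLE_CONFIG):
        print(f"{name}: {problem}")
```

With mask 255.255.255.252 the subnet containing 192.168.0.8 has usable hosts .9 and .10 only, which is why the check reports the inside interface.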
 
Also ditch this line
route inside 0.0.0.0 0.0.0.0 y.y.y.y 1




Brent
Systems Engineer / Consultant
CCNP, CCSP
 