We have a WatchGuard firewall as our corporate unit, but one of our software vendors will not work with anything but Cisco. I am trying to set up a PIX 501 as a VPN gateway for this supplier. I am having problems getting the PIX to work on our network. I have set up a PC with the PIX as its default gateway in order to test the setup.
Having followed the PDM Startup Wizard, this is my config.
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password JyPYZb3TaIHQwJur encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname svpn
domain-name changed.com
access-list inside_access_in permit icmp any any
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 13.105.76.195 255.255.255.248
ip address inside 11.63.255.249 255.255.240.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 13.105.76.193 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 11.63.240.0 255.255.240.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:3e2099bf6e6e446dc934ec34d297ef57
: end
***
I removed the fixup lines here to save space, and we do not need DHCP.
The client PC cannot ping (request timed out) apple.com, but I can ping apple and both interfaces of the PIX from my PC.
I'm lost. Is there something simple I'm missing on the PIX, or is it two firewalls on the same network 11.63.240.0/20 (my WatchGuard is 11.63.255.252), or something else?
Ben