Solved

Cisco Pix 515 - No route to host error  (Newbie alert, be gentle)

Posted on 2002-07-04
Last Modified: 2007-12-19
Hi,

I have a Cisco PIX 515 which isn't Pixing.. I've detailed exactly what I've done so far, so please, when you've stopped giggling, could you offer some advice as to why I get "No route to host" error! -- btw, I issued a write erase / reload to completely wipe it clean first.. so:

enable
config t

---
Setting up Port Address Translation
---
pix>   global (outside) 1 x.x.x.x netmask 255.255.255.255

(x.x.x.x being my static IP address supplied by my ADSL company)

pix>   nat (inside) 1 0.0.0.0 0.0.0.0 0 0

---
Setting up Security Levels
---
pix>   nameif ethernet0 outside security0
pix>   nameif ethernet1 inside security100

---
Setting up DHCP
---
pix>   dhcpd address 10.0.0.10-10.0.0.25 inside

---
Setting up DNS
---

pix>   dns <um, can't remember the command I used here>

..and that's basically it.

My client machine gets a DHCP address, and the DNS address of my ADSL provider. If I tracert it just fails at the first hop.

If I ping an external address directly from the Pix, I get "no route to host".

So, could anyone please tell me what I've missed and also, (as a bonus) tell me what other things I need to do in order to have a nice secure firewall!

Many thanks in Advance.
grayp
0
Question by:grayp1
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 7130772
What is the IP address assigned to the outside interface?

pix(config)#ip address outside <ip address>

Add a route statement:
pix(config)# route outside 0.0.0.0 0.0.0.0 <gateway IP>


To allow traceroute you must allow icmp via access-list:

access-list ACL_IN permit icmp any any echo
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any unreachable
access-list ACL_IN permit icmp any any time-exceeded

access-group ACL_IN in interface outside


If your ISP gave you one static IP address, assign it to the outside interface and change the nat global to use that interface for all NAT:

global (outside) 1 interface

0
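Added example (not part of the original thread and not Cisco's or the posters' code): a small Python check that reads a PIX 6.x-style configuration and reports the prerequisites the accepted answer points at, namely an IP address on every named interface, a default route, a global for each nat id, and a defined ACL behind each access-group. Both sample configurations are constructed; 203.0.113.x stands in for the elided x.x.x.x address, and the netmasks, gateway and inside address are assumptions.

```python
import re

# Constructed sample: the configuration as described in the question
# (203.0.113.10 stands in for the elided x.x.x.x static address).
QUESTION_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
global (outside) 1 203.0.113.10 netmask 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
dhcpd address 10.0.0.10-10.0.0.25 inside
"""

# Constructed sample: the same setup with the accepted answer applied.
# Netmasks, gateway and the inside address are assumed placeholder values.
FIXED_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.10 255.255.255.248
ip address inside 10.0.0.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.9 1
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any time-exceeded
access-group ACL_IN in interface outside
"""

def audit_pix_config(text):
    """Return a list of findings; an empty list means the basics are present."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Collect interface names, addressed interfaces, NAT/global ids and ACL names.
    names = [m.group(1) for l in lines if (m := re.match(r"nameif \S+ (\S+)", l))]
    addressed = {m.group(1) for l in lines if (m := re.match(r"ip address (\S+) \S+", l))}
    nat_ids = {m.group(1) for l in lines if (m := re.match(r"nat \(\S+\) (\d+) ", l))}
    global_ids = {m.group(1) for l in lines if (m := re.match(r"global \(\S+\) (\d+) ", l))}
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    bound = {l.split()[1] for l in lines if l.startswith("access-group ")}
    has_default = any(re.match(r"route \S+ (0\.0\.0\.0|0) (0\.0\.0\.0|0) \S+", l) for l in lines)

    findings = [f"interface '{n}' has no ip address" for n in names if n not in addressed]
    if not has_default:
        findings.append("no default route (route <if> 0.0.0.0 0.0.0.0 <gateway>)")
    # nat id 0 means "do not translate", so it needs no matching global.
    findings += [f"nat id {i} has no matching global" for i in sorted(nat_ids - global_ids) if i != "0"]
    findings += [f"access-group references undefined ACL '{a}'" for a in sorted(bound - acls)]
    return findings

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit_pix_config(cfg) or "OK")
```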
 
LVL 3

Expert Comment

by:mbruner
ID: 7132431
Well said LRMoore!  You may want to page through some of the documentation on the PIX.  Here is a link to the documentation for version 6.2 of the Finesse OS.  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/index.htm

Good luck!
0
 

Author Comment

by:grayp1
ID: 7137465

Thanks Lrmoore for your answer, most helpful!
..and thanks Mbruner for taking the time to follow up with that useful link - much appreciated.


0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7137602
Glad to help!
0
