Solved

Cisco Pix 515 - No route to host error  (Newbie alert, be gentle)

Posted on 2002-07-04
Last Modified: 2007-12-19
Hi,

I have a Cisco PIX 515 which isn't Pixing.. I've detailed exactly what I've done so far, so please, when you've stopped giggling, could you offer some advice as to why I get "No route to host" error! -- btw, I issued a write erase / reload to completely wipe it clean first.. so:

enable
config t

---
Setting up Port Address Translation
---
pix>   global (outside) 1 x.x.x.x netmask 255.255.255.255

(x.x.x.x being my static IP address supplied by my ADSL company)

pix>   nat (inside) 1 0.0.0.0 0.0.0.0 0 0

---
Setting up Security Levels
---
pix>   nameif ethernet0 outside security0
pix>   nameif ethernet1 inside security100

---
Setting up DHCP
---
pix>   dhcpd address 10.0.0.10-10.0.0.25 inside

---
Setting up DNS
---

pix>   dns <um, can't remember the command I used here>

..and that's basically it.

My client machine gets a DHCP address, and the DNS address of my ADSL provider. If I tracert it just fails at the first hop.

If I ping an external address directly from the Pix, I get "no route to host".

So, could anyone please tell me what I've missed and also, (as a bonus) tell me what other things I need to do in order to have a nice secure firewall!

Many thanks in Advance.
grayp
Question by:grayp1

Accepted Solution

by: lrmoore earned 100 total points
ID: 7130772
what is the IP address assigned to the outside interface?

pix(config)#ip address outside <ip address>

Add a route statement:
pix(config)# route outside 0.0.0.0 0.0.0.0 <gateway IP>


To allow traceroute you must allow icmp via access-list:

access-list ACL_IN permit icmp any any echo
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any unreachable
access-list ACL_IN permit icmp any any time-exceeded

access-group ACL_IN in interface outside


If your ISP gave you one static IP address, assign it to the outside interface and change the nat global to use that interface for all NAT:

global (outside) 1 interface
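
As an added example (not part of the thread and not Cisco tooling), this Python sketch checks a saved PIX 6.x configuration for the gaps the accepted answer points out: no outside address, no default route, and a `nat` id with no matching `global`. It also flags an inbound `echo` permit, which replies to outbound ping and traceroute do not need. The sample configurations, the 192.0.2.x addresses and mask, `audit()` and the finding names are constructed for illustration.

```python
import re

# Constructed sample: the asker's setup; 192.0.2.x stands in for x.x.x.x.
ASKER_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
global (outside) 1 192.0.2.10 netmask 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""

# Constructed sample: the same setup after the accepted answer's changes.
ANSWER_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.0.2.10 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.0.2.1
access-list ACL_IN permit icmp any any echo
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any unreachable
access-list ACL_IN permit icmp any any time-exceeded
access-group ACL_IN in interface outside
"""

def audit(config):
    """Return finding codes for a PIX 6.x style configuration (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def ids(cmd):  # translation ids used by "nat (if) N ..." / "global (if) N ..."
        return {m.group(1) for l in lines
                if (m := re.match(cmd + r" \(\w+\) (\d+) ", l))}
    findings = []
    if not any(re.match(r"ip address outside \S+", l) for l in lines):
        findings.append("no-outside-ip")
    zero = r"(0|0\.0\.0\.0)"  # the PIX also accepts 0 as shorthand
    if not any(re.match(rf"route outside {zero} {zero} \S+", l) for l in lines):
        findings.append("no-default-route")
    # Every nat id except 0 (no translation) needs a global with the same id.
    for nat_id in sorted(ids("nat") - ids("global") - {"0"}):
        findings.append(f"nat-{nat_id}-has-no-global")
    # Replies to outbound ping/traceroute need only echo-reply, unreachable and
    # time-exceeded inbound; a plain "echo" permit also admits pings from outside.
    bound = {l.split()[1] for l in lines
             if re.match(r"access-group \S+ in interface outside$", l)}
    for l in lines:
        m = re.match(r"access-list (\S+) permit icmp any any echo$", l)
        if m and m.group(1) in bound:
            findings.append("inbound-echo-from-any")
    return findings
```

Run against the asker's configuration, `audit()` returns the two routing findings; against the answer's configuration only the `echo` permit remains, and dropping that one line clears the list.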

Expert Comment

by:mbruner
ID: 7132431
Well said LRMoore!  You may want to page through some of the documentation on the PIX.  Here is a link to the documentation for version 6.2 of the Finesse OS.  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/index.htm

Good luck!

Author Comment

by:grayp1
ID: 7137465

Thanks Lrmoore for your answer, most helpful!
..and thanks Mbruner for taking the time to follow up with that useful link - much appreciated.


Expert Comment

by:lrmoore
ID: 7137602
Glad to help!