Solved

Cisco Pix 515 - No route to host error  (Newbie alert, be gentle)

Posted on 2002-07-04
4
1,599 Views
Last Modified: 2007-12-19
Hi,

I have a Cisco PIX 515 which isn't Pixing.. i've detailed exactly what i've done so far, so please, when you've stopped giggling, could you offer some advice as to why I get "No route to host" error! -- btw, I issued a write erase / reload to complete wipe it clean first.. so:

enable
config t

---
Setting up Port Address Translation
---
pix>   global (outside) 1 x.x.x.x netmask 255.255.255.255

(x.x.x.x being my static IP address supplied by my ADSL company)

pix>   nat (inside) 1 0.0.0.0 0.0.0.0 0 0

---
Setting up Security Levels
---
pix>   nameif ethernet0 outside security0
pix>   nameif ethernet1 inside security100

---
Setting up DHCP
---
pix>   dhcpd address 10.0.0.10-10.0.0.25 inside

---
Setting up DNS
---

pix>   dns <um, can't remember the command i used here>

..and thats basically it.

My client machine gets a DHCP address, and the DNS address of my ADSL provider. If I tracert it just fails at the first hop.

If I ping an external address directly from the Pix, I get "no route to host".

So, could anyone please tell me what i've missed and also, (as a bonus) tell me what other things I need to do in order to have a nice secure firewall!

Many thanks in Advance.
grayp
0
Comment
Question by:grayp1
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
Comment Utility
what is the IP address assigned to the outside interface?

pix(config)#ip address outside <ip address>

Add a route statement:
pix(config)# route outside 0.0.0.0 0.0.0.0 <gateway IP>


To allow traceroute you must allow icmp via access-list:

access-list ACL_IN permit icmp any any echo
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any unreachable
access-list ACL_IN permit icmp any any time-exceeded

access-group ACL_IN in interface outside


If your ISP gave you one static IP address, assign it to the outisde interface and change the nat global to use that interface for all NAT:

global (outside) 1 interface

0
 
LVL 3

Expert Comment

by:mbruner
Comment Utility
Well said LRMoore!  You may want to page through some of the documentation on the PIX.  Here is a link to the documentation for version 6.2 of the Finesse OS.  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/index.htm

Good luck!
0
 

Author Comment

by:grayp1
Comment Utility

Thanks Lrmoore for your answer, most helpful!
..and thanks Mbruner for taking the time to follow up with that useful link - much appreciated.


0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Glad to help!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
NTP Server in VMware 5 115
Multicast in a layer 2 to layer 3 migration 1 35
Eigrp Router 5 44
EIGRP Multicast vs Unicast 7 40
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now