Solved

Cisco Pix 515 - No route to host error  (Newbie alert, be gentle)

Posted on 2002-07-04
4
1,620 Views
Last Modified: 2007-12-19
Hi,

I have a Cisco PIX 515 which isn't Pixing.. i've detailed exactly what i've done so far, so please, when you've stopped giggling, could you offer some advice as to why I get "No route to host" error! -- btw, I issued a write erase / reload to complete wipe it clean first.. so:

enable
config t

---
Setting up Port Address Translation
---
pix>   global (outside) 1 x.x.x.x netmask 255.255.255.255

(x.x.x.x being my static IP address supplied by my ADSL company)

pix>   nat (inside) 1 0.0.0.0 0.0.0.0 0 0

---
Setting up Security Levels
---
pix>   nameif ethernet0 outside security0
pix>   nameif ethernet1 inside security100

---
Setting up DHCP
---
pix>   dhcpd address 10.0.0.10-10.0.0.25 inside

---
Setting up DNS
---

pix>   dns <um, can't remember the command i used here>

..and thats basically it.

My client machine gets a DHCP address, and the DNS address of my ADSL provider. If I tracert it just fails at the first hop.

If I ping an external address directly from the Pix, I get "no route to host".

So, could anyone please tell me what i've missed and also, (as a bonus) tell me what other things I need to do in order to have a nice secure firewall!

Many thanks in Advance.
grayp
0
Comment
Question by:grayp1
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 7130772
what is the IP address assigned to the outside interface?

pix(config)#ip address outside <ip address>

Add a route statement:
pix(config)# route outside 0.0.0.0 0.0.0.0 <gateway IP>


To allow traceroute you must allow icmp via access-list:

access-list ACL_IN permit icmp any any echo
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any unreachable
access-list ACL_IN permit icmp any any time-exceeded

access-group ACL_IN in interface outside


If your ISP gave you one static IP address, assign it to the outisde interface and change the nat global to use that interface for all NAT:

global (outside) 1 interface

0
 
LVL 3

Expert Comment

by:mbruner
ID: 7132431
Well said LRMoore!  You may want to page through some of the documentation on the PIX.  Here is a link to the documentation for version 6.2 of the Finesse OS.  http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/index.htm

Good luck!
0
 

Author Comment

by:grayp1
ID: 7137465

Thanks Lrmoore for your answer, most helpful!
..and thanks Mbruner for taking the time to follow up with that useful link - much appreciated.


0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7137602
Glad to help!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question