Solved

Cisco Pix 515 - No route to host error  (Newbie alert, be gentle)

Posted on 2002-07-04
Last Modified: 2007-12-19
Hi,

I have a Cisco PIX 515 which isn't Pixing... I've detailed exactly what I've done so far, so please, when you've stopped giggling, could you offer some advice as to why I get a "No route to host" error! -- btw, I issued a write erase / reload to completely wipe it clean first, so:

enable
config t

---
Setting up Port Address Translation
---
pix>   global (outside) 1 x.x.x.x netmask 255.255.255.255

(x.x.x.x being my static IP address supplied by my ADSL company)

pix>   nat (inside) 1 0.0.0.0 0.0.0.0 0 0

---
Setting up Security Levels
---
pix>   nameif ethernet0 outside security0
pix>   nameif ethernet1 inside security100

---
Setting up DHCP
---
pix>   dhcpd address 10.0.0.10-10.0.0.25 inside

---
Setting up DNS
---

pix>   dns <um, can't remember the command i used here>

...and that's basically it.

My client machine gets a DHCP address, and the DNS address of my ADSL provider. If I tracert it just fails at the first hop.

If I ping an external address directly from the Pix, I get "no route to host".

So, could anyone please tell me what I've missed and also (as a bonus) tell me what other things I need to do in order to have a nice secure firewall!

Many thanks in advance.
grayp
0
Question by:grayp1
4 Comments
 
Accepted Solution

by:
lrmoore earned 100 total points
ID: 7130772
What is the IP address assigned to the outside interface?

pix(config)# ip address outside <ip address>

Add a route statement:
pix(config)# route outside 0.0.0.0 0.0.0.0 <gateway IP>


To allow traceroute you must allow ICMP via access-list:

access-list ACL_IN permit icmp any any echo
access-list ACL_IN permit icmp any any echo-reply
access-list ACL_IN permit icmp any any unreachable
access-list ACL_IN permit icmp any any time-exceeded

access-group ACL_IN in interface outside


If your ISP gave you one static IP address, assign it to the outside interface and change the nat global to use that interface for all NAT:

global (outside) 1 interface

0
Expert Comment

by:mbruner
ID: 7132431
Well said, LRMoore! You may want to page through some of the documentation on the PIX. Here is a link to the documentation for version 6.2 of the Finesse OS: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/index.htm

Good luck!
0
 

Author Comment

by:grayp1
ID: 7137465

Thanks Lrmoore for your answer, most helpful!
...and thanks Mbruner for taking the time to follow up with that useful link - much appreciated.


0
 
Expert Comment

by:lrmoore
ID: 7137602
Glad to help!
0
