Can't connect to internet with PIX 501

Posted on 2005-04-30
Last Modified: 2008-03-06
I can ping the PIX 501 inside interface from the client computer. The clients are set up to obtain IP via DHCP. I added the outside adapter with my static IP, but cannot ping it from the client. I restored the factory defaults before doing anything. I am trying to configure this with PDM first, then get into the terminal configuration later. From what I'm starting to gather, the terminal is the way to go, but I would like to get this up and running in the meantime. Anyone have any ideas on configuring this via the terminal or PDM so I can connect to the internet? I am using DSL. Thanks.
Question by:bleujaegel
    LVL 2

    Author Comment

    Also, if anyone has a good basic config file, that would be helpful.
    LVL 79

    Assisted Solution

    How about a getting started guide:

    Note: you cannot ping the outside interface from an inside client. Ever. You cannot ping anything unless you add an access-list. Try using a web browser to open a web site, not ping, as a test.
    LVL 6

    Accepted Solution

    Here is the REALLY basic configuration that will allow you to start going:
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxxxx encrypted
    passwd xxxxx encrypted
    hostname pixfirewall
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside <a.b.c.d> <subnet mask>  ==========> put your external IP here or dhcp
    ip address inside  ==========> internal IP here
    ip audit info action alarm
    ip audit attack action alarm
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    route outside <external DG> 1 ======> external default gateway goes here, if it's dhcp, don't bother.
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http inside  ==========> where you allow PDM
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet inside
    telnet timeout 5
    ssh timeout 5
    management-access inside
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside  ==========> depends if you have DHCP on outside
    terminal width 80

    LVL 2

    Author Comment

    Both answers are helpful.  The basic config file will be a good starting point.  Thanks.
    LVL 2

    Author Comment

    Oh, by the way, I figured out the problem.  The static route wasn't in there at the beginning.  I just went through the setup via PDM a few times, and it finally added the route.  Now I know what was blocking.  
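An added example, not part of the thread or written by any poster: a small Python audit for the two things this thread turns on, the nat/global pairing and the default route on the outside interface, plus the default SNMP community and telnet management access that the basic config carries. The sample config, its addresses and the function names are constructed for illustration, and `ip address outside dhcp setroute` is assumed to be how the DHCP case obtains its route.

```python
import re

# Constructed sample (PIX 6.x syntax) modelled on the thread's basic config.
# Addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE = """\
ip address outside 203.0.113.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0 0
snmp-server community public
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
"""

DEFAULT_ROUTE = re.compile(r"route outside (0\.0\.0\.0|0) (0\.0\.0\.0|0) \S+")
DHCP_ROUTE = re.compile(r"ip address outside dhcp setroute\b")
TELNET_HOST = re.compile(r"telnet \d")  # "telnet timeout 5" is not an access rule


def nat_ids(lines, keyword, iface):
    """Collect NAT ids from 'nat (inside) N ...' or 'global (outside) N ...'."""
    pat = re.compile(rf"{keyword} \({iface}\) (\d+)\b")
    return {m.group(1) for m in map(pat.match, lines) if m}


def audit(config):
    """Return findings for one PIX configuration given as text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # nat 0 is identity NAT and needs no global pool, so ignore it here.
    inside = nat_ids(lines, "nat", "inside") - {"0"}
    for nid in sorted(inside - nat_ids(lines, "global", "outside")):
        findings.append(f"nat (inside) {nid} has no global (outside) {nid}")
    if not inside:
        findings.append("no nat (inside) rule: inside hosts are not translated")
    # The asker's fault: no default route towards the ISP gateway.
    if not any(DEFAULT_ROUTE.match(l) or DHCP_ROUTE.match(l) for l in lines):
        findings.append("no default route on outside")
    if "snmp-server community public" in lines:
        findings.append("SNMP community is the default 'public'")
    if any(TELNET_HOST.match(l) for l in lines):
        findings.append("telnet management enabled; prefer ssh")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

Feed it the output of `write terminal` saved to a file; an empty list means translation and routing are in place, so a browser test from an inside client is the next check.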
