[Last Call] Learn how to a build a cloud-first strategyRegister Now


Can't connect to internet with PIX 501

Posted on 2005-04-30
Medium Priority
Last Modified: 2008-03-06
I can ping the PIX 501 inside interface from the client computer.  The clients are setup to obtain IP via DHCP.   I added the outside adapter with my static IP, but cannot ping it from client.   I restored the factory defaults before doing anything.  I am trying to configure this with PDM first, then get into the terminal configuration later.  From what I'm starting to gather is that the terminal is the way to go, but I would like to get this up and running in the mean time.  Anyone have any ideas on configuring this via the terminal or PDM so I can connect to the internet?  I am using DSL.  Thanks.
Question by:bleujaegel
  • 3

Author Comment

ID: 13902307
Also, if anyone has a good basic config file, that would be helpful.
LVL 79

Assisted Solution

lrmoore earned 200 total points
ID: 13903832
How about a getting started guide:


Note: you cannot ping the outside interface from an inside client. Ever. You cannot ping anything unless you add an access-list. Try using a web browser to open a web site, not ping, as test..

Accepted Solution

magicomminc earned 200 total points
ID: 13911983
Here is the REALLY basic configure that will allow you start going:
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxx encrypted
passwd xxxxx encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside <a.b.c.d> <subnet mask>  ==========> put your external IP here or dhcp
ip address inside  ==========> internal IP here
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0 0
route outside <external DG> 1 ======> external defatlu gateway goes here, if it's dhcp,  don't bother.
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http inside  ==========> where you allow PDM
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside  ==========> depends if you have DHCP on outside
terminal width 80


Author Comment

ID: 13917619
Both answers are helpful.  The basic config file will be a good starting point.  Thanks.

Author Comment

ID: 13917660
Oh, by the way, I figured out the problem.  The static route wasn't in there at the beginning.  I just went through the setup via PDM a few times, and it finally added the route.  Now I know what was blocking.  

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question