PIX 501 unable to go out to internet

I enabled and gave valid ip addresses to my e0 and e1.    Then I created this command:

static (inside, outside) 38.23.21.104 192.168.1.1 network 255.255.255.255 0 0

e0 public ip:   38.23.21.204
e1 privateip: 192.168.1.1

Am I missing a command that's not allowing me to go out on the internet?  From my laptop I can ping my PIX??
LVL 9
Pentrix2Asked:
Who is Participating?
 
magicommincCommented:
"static (inside, outside) 38.23.21.104 192.168.1.1 network 255.255.255.255 0 0"
--why do you want this static map? and it also doesn't sense to map external to internal IP.
if you just want pass traffic from you internal with one public IP, try add following:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 <external Default gateway> 1
also your laptop should use 192.168.1.1 as its default gateway. JFrederick is right, default ICMP inbound is not allowed, you need those ACLs to allow echo reply.
0
 
Pentrix2Author Commented:
When I attempt to do a tracert on my laptop to 199.181.132.250 (which is www.abc.com by the way).  All my hops has Request Time Out

??
0
 
JFrederick29Commented:
The return ICMP traffic is dropped on the outside interface by default.  You can add and ACL on the outside to enable return ICMP.

access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded

access-group outside_in in interface outside

Also, make sure you have a default route setup to your ISP.

route outside 0 0 x.x.x.x

Make sure your laptop has the correct DNS information from your ISP as well.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Pentrix2Author Commented:
Okay, I got response received on the PIX but still none on the laptop.
0
 
Pentrix2Author Commented:
Whew, got it working.  Had to reapply settings.
0
 
lrmooreCommented:
>static (inside, outside) 38.23.21.104 192.168.1.1 network 255.255.255.255 0 0
>e1 privateip: 192.168.1.1

You cannot map a public IP to the Inside IP of the pIX itself...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.