Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

PIX 501 unable to go out to internet

I enabled and gave valid ip addresses to my e0 and e1.    Then I created this command:

static (inside, outside) 38.23.21.104 192.168.1.1 network 255.255.255.255 0 0

e0 public ip:   38.23.21.204
e1 privateip: 192.168.1.1

Am I missing a command that's not allowing me to go out on the internet?  From my laptop I can ping my PIX??
0
Pentrix2
Asked:
Pentrix2
2 Solutions
 
Pentrix2Author Commented:
When I attempt to do a tracert on my laptop to 199.181.132.250 (which is www.abc.com by the way).  All my hops has Request Time Out

??
0
 
JFrederick29Commented:
The return ICMP traffic is dropped on the outside interface by default.  You can add and ACL on the outside to enable return ICMP.

access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded

access-group outside_in in interface outside

Also, make sure you have a default route setup to your ISP.

route outside 0 0 x.x.x.x

Make sure your laptop has the correct DNS information from your ISP as well.
0
 
magicommincCommented:
"static (inside, outside) 38.23.21.104 192.168.1.1 network 255.255.255.255 0 0"
--why do you want this static map? and it also doesn't sense to map external to internal IP.
if you just want pass traffic from you internal with one public IP, try add following:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 <external Default gateway> 1
also your laptop should use 192.168.1.1 as its default gateway. JFrederick is right, default ICMP inbound is not allowed, you need those ACLs to allow echo reply.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Pentrix2Author Commented:
Okay, I got response received on the PIX but still none on the laptop.
0
 
Pentrix2Author Commented:
Whew, got it working.  Had to reapply settings.
0
 
lrmooreCommented:
>static (inside, outside) 38.23.21.104 192.168.1.1 network 255.255.255.255 0 0
>e1 privateip: 192.168.1.1

You cannot map a public IP to the Inside IP of the pIX itself...
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now