Cisco PIX 501 Multiple IP setup?

I am trying to get my block of 5 IP's setup on a Cisco PIX 501. I have Qwest internet with an Actiontech 501 modem that is configured in unnumbered mode (So the modem does not obtain an IP, it just passes through).
I can ping the pix
Computer A can ping Computer B
Ping outside 216.239.39.99 returns no response recieved
I want to use the IP 71.39.227.217 as the IP for the PIX.
Can any one help me out on this? I have been trying for days to get it to work...

Qwest 5 IP Static Block:
Reserved Network 71.39.227.216
User-assignable 71.39.227.217
User-assignable 71.39.227.218
User-assignable 71.39.227.219
User-assignable 71.39.227.220
User-assignable 71.39.227.221
Reserved Gateway 71.39.227.222
Reserved Broadcast 71.39.227.223
Subnet Mask 255.255.255.248

cisco-pix(config)# sho run                          
: Saved      
:
PIX Version 6.3(4)                  
interface ethernet0 100full                          
interface ethernet1 100full                          
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password QufHLY3zGn7M6zt6 encrypted                                          
passwd QufHLY3zGn7M6zt6 encrypted                                
hostname cisco-pix                  
domain-name namlot.net                      
fixup protocol dns maximum-length 512                                    
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp 5060                          
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol tftp 69                      
names    
access-list inbound permit icmp any any                                      
pager lines 24              
mtu outside 1500                
mtu inside 1500              
ip address outside 71.39.227.221 255.255.255.248                                                
ip address inside 192.168.4.1 255.255.255.0                                          
ip audit info action alarm                          
ip audit attack action alarm                            
pdm history enable                  
arp timeout 14400                
global (outside) 1 interface                            
nat (inside) 1 192.168.4.0 255.255.255.0 0 0                                            
access-group inbound in interface outside                                        
route outside 0.0.0.0 0.0.0.0 71.39.227.222 1                                            
timeout xlate 3:00:00                    
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00                                                                            
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00                                                              
timeout uauth 0:05:00 absolute                              
aaa-server TACACS+ protocol tacacs+                                  
aaa-server TACACS+ max-failed-attempts 3                                        
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.4.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
telnet 192.168.4.0 255.255.255.0 inside
telnet timeout 15
ssh 192.168.4.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
terminal width 80
Cryptochecksum:2566f16a4e961a4c79ab568548fb77dc
: end
cisco-pix(config)#

LVL 1
brentrussellAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

naveedbCommented:
First to change the ip address

no ip address outside 71.39.227.221 255.255.255.248    
ip address outside 171.39.227.217  255.255.255.248    

Now, the traffic is not going outside; can you plug the modem into a PC, assign it .217 and see if it is able to ping? If not, work with your ISP.
0
brentrussellAuthor Commented:
I changed the IP address but still could not ping 216.239.39.99 (google)

I set myself to static:
        IP Address. . . . . . . . . . . . : 71.39.227.217
        Subnet Mask . . . . . . . . . . . : 255.255.255.248
        Default Gateway . . . . . . . . . : 71.39.227.222

And I am able to ping and browse... in fact, I am using that IP to type this post.

I have conacted my ISP (qwest.net) and 2 different techs told me to use unnumbered mode... which also makes sense and works with my computer anyways.
0
naveedbCommented:
Can you post your output from

show interface

show route
 
show xlate
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

brentrussellAuthor Commented:
cisco-pix(config)# sho interface                          
interface ethernet0 "outside" is up, line protocol is down                                                          
  Hardware is i82559 ethernet, address is 0014.1c5d.b92e                                                        
  IP address 171.39.227.217, subnet mask 255.255.255.248                                                        
  MTU 1500 bytes, BW 100000 Kbit full duplex                                            
        0 packets input, 0 bytes, 0 no buffer                                            
        Received 0 broadcasts, 0 runts, 0 giants                                                
        0 input errors, 0 CRC, 0 frame, 0 overrun,                                                
        0 input errors, 0 CRC, 0 frame, 0 overrun,                                                
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/0)
        output queue (curr/max blocks): hardware (0/1) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
  Hardware is i82559 ethernet, address is 0014.1c5d.b8d7
  IP address 192.168.4.1, subnet mask 255.255.255.0
  MTU 1500 bytes, BW 100000 Kbit full duplex
        12 packets input, 1110 bytes, 0 no buffer
        Received 3 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        3 packets output, 180 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/1)
        output queue (curr/max blocks): hardware (0/1) software (0/1)


cisco-pix(config)# sho route
        outside 0.0.0.0 0.0.0.0 71.39.227.222 1 OTHER static
        outside 171.39.227.216 255.255.255.248 171.39.227.217 1 CONNECT static
        inside 192.168.4.0 255.255.255.0 192.168.4.1 1 CONNECT static


cisco-pix(config)# sho xlate
0 in use, 1 most used
0
ian_chardCommented:
Hi

When the PIX is connected to the modem, Do you get any response from trying to Ping google from the pix itself.

Try

Ping outside 216.239.39.99

from the PIX console.

Also, Try making an access list that allows traffic from the inside to the outside.

Cheers
0
brentrussellAuthor Commented:
Ian,
thanks for replying.

Thats how I have been testing my connection to the outside world. As stated above, "Ping outside 216.239.39.99" returns no response recieved.

I have icmp enabled for any any
What type of traffic should I make an access list for? How about this: access-list outside permit tcp any host 71.39.227.217
0
brentrussellAuthor Commented:
I also just noticed that the outside IP address was incorrect. It used to be 171.39.227.217 now it is 71.39.227.217 After making the corrections which are reflected bellow, a ping from the cisco out to google does not work.

cisco-pix(config)# sho ip
System IP Addresses:
        ip address outside 71.39.227.217 255.255.255.248
        ip address inside 192.168.4.1 255.255.255.0
Current IP Addresses:
        ip address outside 71.39.227.217 255.255.255.248
        ip address inside 192.168.4.1 255.255.255.0
cisco-pix(config)# sho route
        outside 71.39.227.216 255.255.255.248 71.39.227.217 1 CONNECT static
        inside 192.168.4.0 255.255.255.0 192.168.4.1 1 CONNECT static
cisco-pix(config)#
0
ian_chardCommented:
Hi,

Just to test try something like

Access-list outbound permit ip any any

access-group outbound in interface inside

Also, take this route out :

 outside 71.39.227.216 255.255.255.248 71.39.227.217 1 CONNECT static

The route outside 0.0.0.0 0.0.0.0 71.39.227.222 1 should be fine to route traffic out.

Does the modem connect directly to the outside interface of the PIX?

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brentrussellAuthor Commented:
Ian Chard,

I am at work right now so I will try taking out outside 71.39.227.216 255.255.255.248 71.39.227.217 1 CONNECT static
when I get home for lunch at 12:00 -0600 CST.

Here is how my connection is:
ISP-------------Action Tech 701 Modem----------------PIX 501---------------Computers
0
brentrussellAuthor Commented:
route outside 0.0.0.0 0.0.0.0 71.39.227.222 was taken out of my config somehow, so I put it back in and removed the route you told me to... it worked!
thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.