• Status: Solved

public interface is not connecting up to the internet - cisco pix 506e

Greetings,

I have a Cisco PIX 506E that I have been trying to reconfigure. The problem is that the public interface is not connecting up to the internet. I see traffic on the private but not the public. I also have it set up to my local ISP, for now, in order to test and configure.

Private = INT 1
Public = INT 0


Below is the running config:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password wouGb3Kcr8izqdL1 encrypted
passwd lw.hq88l2bR1x9Fp encrypted
hostname PIX
domain-name ciscopix.com
clock timezone PST -8
clock summer-time PDT recurring
fixup protocol dns maximum-length 2048
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit ip interface outside interface inside
access-list outside_access_in permit tcp interface outside interface inside
access-list inside_access_in permit ip interface inside interface outside
access-list inside_access_in permit tcp interface inside interface outside
pager lines 24
logging on
logging monitor debugging
logging buffered debugging
logging history emergencies
icmp permit any echo-reply outside
icmp permit any echo-reply inside
mtu outside 1500
mtu inside 1500
ip address outside dhcp retry 4
ip address inside 10.5.2.254 255.255.255.0
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
pdm location 209.164.47.72 255.255.255.255 outside
pdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.5.2.254 cisco123 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.5.2.0 255.255.255.0 inside
http 10.5.2.254 255.255.255.255 inside
snmp-server host outside 209.164.47.72
snmp-server location Irvine
snmp-server contact John Kesoglou
snmp-server community vinduvin
snmp-server enable traps
floodguard enable
sysopt radius ignore-secret
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
isakmp identity address
isakmp nat-traversal 20
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.5.2.100-10.5.2.150 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
Cryptochecksum:76577286553efda64231657c4190ef45
: end
[OK]
johnkesoglou
Asked:
4 Solutions
 
Alan Huseyin Kayahan Commented:
The ACLs below are useless.
access-list outside_access_in permit ip interface outside interface inside
access-list outside_access_in permit tcp interface outside interface inside
access-list inside_access_in permit ip interface inside interface outside
access-list inside_access_in permit tcp interface inside interface outside

You have no default route for outside. Specify the IP address of your modem/router which provides the internet connection. Let's say that your modem/router's IP address is 192.168.1.1. Then add the following:

route outside 0 0 192.168.1.1

And remove the useless ACLs by typing no at their beginning, for example:
no access-list inside_access_in permit tcp interface inside interface outside
no access-group inside_access_in in interface inside

Don't forget to type
write mem        to save the config and
cl xl                  to re-establish connections with the current config
 
Alan Huseyin Kayahan Commented:
   Or, if the outside interface is retrieving its IP from a DHCP server, as the following line says it does
ip address outside dhcp retry 4
   then you should type the following for the outside interface to retrieve the gateway automatically
   ip address outside dhcp setroute
 
Alan Huseyin Kayahan Commented:
Plus, are the inside interface and outside interface in different subnets? If yes, you should do a NAT by typing

nat (inside) 1 0 0

then assign a global for NAT (PAT, for example)
global (outside) 1 interface
 
kkwatai Commented:
The first thing we should establish is if the outside interface is working. I would suggest that you give your outside interface a static IP address and see if you can plug it into a PC with a crossover cable. Configure the PC with an IP that is in the same subnet and confirm that they can ping each other. If you can't get this going, we have bigger issues.

Assuming that is working, then the next step is to determine if you are getting a proper DHCP address with a proper IP address. Keep in mind that you didn't configure any NATting on the device, so you should do all your tests from within the device and not from a PC connected to the outside.

Do a show interface and see if the interface is up and you get an external IP. Also show your routing table and make sure you got a default gateway.
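
The three points raised in the answers above (a default route on the outside interface, a matching nat/global pair, and applied ACL entries written with the interface keyword on both sides), as an added example that is not part of the original thread: a small Python audit of a PIX 6.x running config. The function name and the sample input (a few lines taken from the posted config) are assumptions of this example.

```python
import re

# Constructed sample: the connectivity-relevant lines of the config in the question.
SAMPLE_CONFIG = """\
access-list inside_access_in permit ip interface inside interface outside
access-list inside_access_in permit tcp interface inside interface outside
ip address outside dhcp retry 4
ip address inside 10.5.2.254 255.255.255.0
access-group inside_access_in in interface inside
"""

ZERO = r"(0|0\.0\.0\.0)"  # PIX accepts 0 as shorthand for 0.0.0.0


def audit_pix_config(text):
    """Return findings for the three issues the answers point out (hypothetical helper)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []

    # 1. Default route: a static route, or one learned from DHCP via 'setroute'.
    static = any(re.match(rf"route outside {ZERO} {ZERO} \S+", l) for l in lines)
    learned = any(re.match(r"ip address outside dhcp\b.*\bsetroute\b", l) for l in lines)
    if not (static or learned):
        findings.append("no default route on outside")

    # 2. Every 'nat (inside) N' needs a 'global (outside) N'; nat 0 is exempt.
    nat_ids = {m.group(1) for l in lines if (m := re.match(r"nat \(inside\) (\d+) ", l))}
    glob_ids = {m.group(1) for l in lines if (m := re.match(r"global \(outside\) (\d+) ", l))}
    if not nat_ids:
        findings.append("no 'nat (inside)' rule")
    for nid in sorted(nat_ids - glob_ids - {"0"}):
        findings.append(f"nat id {nid} has no matching 'global (outside) {nid}'")

    # 3. Applied ACL entries that use 'interface <name>' as both source and destination.
    applied = {m.group(1) for l in lines
               if (m := re.match(r"access-group (\S+) in interface \S+", l))}
    for l in lines:
        m = re.match(r"access-list (\S+) permit \S+ interface \S+ interface \S+$", l)
        if m and m.group(1) in applied:
            findings.append(f"applied ACL {m.group(1)} matches only interface addresses: {l}")
    return findings


if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
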