OGSan asked:

Changed ISP but can not get access

We have just changed ISPs and tried to reconfig our Cisco 1721 router and PIX 506e firewall devices for the new IP addys - but can't seem to get out.  I have attached the old and new configs for both our router and firewall.  We suspect a problem in the firewall.
Any insights would be much appreciated.

OGSan (ASKER):

Here are the old router/firewall configs:
Using 837 out of 29688 bytes
!
! Last configuration change at 08:21:35 HST Fri Jun 27 2003
! NVRAM config last updated at 08:22:09 HST Fri Jun 27 2003
!
version 12.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname XXXXXXXXXX
!
logging buffered 4096 debugging
enable secret 5 $1$nRXz$Jn/tMGcR56238D4rHi1hk.
!
clock timezone HST -10
ip subnet-zero
ip name-server 199.89.128.83
ip name-server 64.29.65.220
!
!
!
!
interface FastEthernet0
 ip address 66.180.146.17 255.255.255.248
 speed auto
!
interface Serial0
 ip address 66.180.145.250 255.255.255.252
 service-module t1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 66.180.145.249
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
 password XXXXXXXXXX
 login
!
sntp server 192.5.41.40
end
= = = = = = = = =Old Firewall config next = = = = = =
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password MvoRJhzIA4EP12bl encrypted
passwd Ox7YG2iPDYloab72 encrypted
hostname XXXX
domain-name XXXXXXX.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_out permit tcp any host 66.180.146.20 eq www
access-list acl_out permit tcp any host 66.180.146.20 eq 22
access-list acl_out permit tcp any host 66.180.146.20 eq smtp
access-list acl_out permit tcp any host 66.180.146.20 eq nntp
access-list acl_out permit tcp any host 66.180.146.20 eq 10000
access-list acl_out permit udp any host 66.180.146.21 eq 28960
access-list acl_out permit udp any host 66.180.146.21 eq 2302
access-list acl_out permit udp any host 66.180.146.21 eq 1200
access-list acl_out permit udp any host 66.180.146.21 eq 27000
access-list acl_out permit udp any host 66.180.146.21 eq 27001
access-list acl_out permit udp any host 66.180.146.21 eq 27002
access-list acl_out permit udp any host 66.180.146.21 eq 27003
access-list acl_out permit udp any host 66.180.146.21 eq 27004
access-list acl_out permit udp any host 66.180.146.21 eq 27005
access-list acl_out permit udp any host 66.180.146.21 eq 27006
access-list acl_out permit udp any host 66.180.146.21 eq 27007
access-list acl_out permit udp any host 66.180.146.21 eq 27008
access-list acl_out permit udp any host 66.180.146.21 eq 27009
access-list acl_out permit udp any host 66.180.146.21 eq 27010
access-list acl_out permit udp any host 66.180.146.21 eq 27011
access-list acl_out permit udp any host 66.180.146.21 eq 27012
access-list acl_out permit udp any host 66.180.146.21 eq 27013
access-list acl_out permit udp any host 66.180.146.21 eq 27014
access-list acl_out permit udp any host 66.180.146.21 eq 27015
access-list acl_out permit udp any host 66.180.146.21 eq 27020
access-list acl_out permit tcp any host 66.180.146.21 eq 27015
access-list acl_out permit tcp any host 66.180.146.21 eq 27030
access-list acl_out permit tcp any host 66.180.146.21 eq 27031
access-list acl_out permit tcp any host 66.180.146.21 eq 27032
access-list acl_out permit tcp any host 66.180.146.21 eq 27033
access-list acl_out permit tcp any host 66.180.146.21 eq 27034
access-list acl_out permit tcp any host 66.180.146.21 eq 27035
access-list acl_out permit tcp any host 66.180.146.21 eq 27036
access-list acl_out permit tcp any host 66.180.146.21 eq 27037
access-list acl_out permit tcp any host 66.180.146.21 eq 27038
access-list acl_out permit tcp any host 66.180.146.21 eq 27039
access-list acl_out permit tcp any host 66.180.146.21 eq 5900
access-list acl_out permit tcp any host 66.180.146.21 eq 5901
access-list acl_out permit tcp any host 66.180.146.21 eq 5800
access-list acl_out permit tcp any host 66.180.146.21 eq 5801
access-list acl_out permit tcp any host 66.180.146.21 eq ftp
access-list acl_out permit tcp any host 66.180.146.21 eq 22
access-list acl_out permit udp any host 66.180.146.21 eq 27021
access-list acl_out permit udp any host 66.180.146.21 eq 27022
access-list acl_out permit udp any host 66.180.146.21 eq 27023
access-list acl_out permit udp any host 66.180.146.21 eq 27024
access-list acl_out permit udp any host 66.180.146.21 eq 27025
access-list acl_out permit udp any host 66.180.146.21 eq 27026
access-list acl_out permit udp any host 66.180.146.21 eq 27027
access-list acl_out permit udp any host 66.180.146.21 eq 27028
access-list acl_out permit udp any host 66.180.146.21 eq 27029
access-list acl_out permit udp any host 66.180.146.21 eq 27030
access-list acl_out permit tcp any host 66.180.146.20 eq 3784
access-list acl_out permit udp any host 66.180.146.21 eq 10000
access-list acl_out permit tcp any host 66.180.146.21 eq 27040
access-list acl_out permit tcp any host 66.180.146.21 eq 27041
access-list acl_out permit udp any host 66.180.146.21 eq 27040
access-list acl_out permit udp any host 66.180.146.21 eq 27041
access-list acl_out permit tcp any host 66.180.146.21 eq 6112
access-list acl_out permit udp any host 66.180.146.21 eq 6112
access-list acl_out permit tcp any host 66.180.146.21 eq 6113
access-list acl_out permit udp any host 66.180.146.21 eq 6113
access-list acl_out permit tcp any host 66.180.146.21 eq 6114
access-list acl_out permit udp any host 66.180.146.21 eq 6114
access-list acl_out permit tcp any host 66.180.146.21 eq 6115
access-list acl_out permit udp any host 66.180.146.21 eq 6115
access-list acl_out permit tcp any host 66.180.146.21 eq 6116
access-list acl_out permit udp any host 66.180.146.21 eq 6116
access-list acl_out permit tcp any host 66.180.146.21 eq 6117
access-list acl_out permit udp any host 66.180.146.21 eq 6117
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 66.180.146.18 255.255.255.248
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 66.180.146.19 netmask 255.255.255.248
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
static (inside,outside) 66.180.146.20 10.0.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 66.180.146.21 10.0.0.11 netmask 255.255.255.255 0 0
static (inside,outside) 66.180.146.22 10.0.0.6 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
conduit permit icmp any any echo-reply
route outside 0.0.0.0 0.0.0.0 66.180.148.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:fbb5cb30b4d5abf98fb62045bae9dea4

OGSan (ASKER):

Here are the new router/firewall configs:

Current configuration : 817 bytes
!
! Last configuration change at 09:22:12 HST Sun Aug 12 2007
!
version 12.2
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname XXXXXXXXXX
!
logging buffered 4096 debugging
enable secret 5 $1$nRXz$Jn/tMGcR56238D4rHi1hk.
!
clock timezone HST -10
ip subnet-zero
ip name-server 72.235.80.12
ip name-server 72.235.80.4
!
!
!
!
interface FastEthernet0
 ip address 72.235.188.177 255.255.255.240
 speed auto
!
interface Serial0
 ip address 72.235.190.158 255.255.255.252
 encapsulation ppp
 service-module t1 timeslots 1-24
!
ip classless
ip route 0.0.0.0 0.0.0.0 72.235.190.157
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
 password XXXXXXXXXX
 login
!
no scheduler allocate
sntp server 192.5.41.40
end
= = = = = = = = = New Firewall config next = = = = = =
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password MvoRJhzIA4EP12bl encrypted
passwd Ox7YG2iPDYloab72 encrypted
hostname XXXX
domain-name XXXXXXXX.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_out permit tcp any host 72.235.188.180 eq www
access-list acl_out permit tcp any host 72.235.188.180 eq 22
access-list acl_out permit tcp any host 72.235.188.180 eq smtp
access-list acl_out permit tcp any host 72.235.188.180 eq nntp
access-list acl_out permit tcp any host 72.235.188.180 eq 3784
access-list acl_out permit udp any host 72.235.188.182 eq 28960
access-list acl_out permit udp any host 72.235.188.182 eq 2302
access-list acl_out permit udp any host 72.235.188.182 eq 1200
access-list acl_out permit udp any host 72.235.188.182 eq 27000
access-list acl_out permit udp any host 72.235.188.182 eq 27001
access-list acl_out permit udp any host 72.235.188.182 eq 27002
access-list acl_out permit udp any host 72.235.188.182 eq 27003
access-list acl_out permit udp any host 72.235.188.182 eq 27004
access-list acl_out permit udp any host 72.235.188.182 eq 27005
access-list acl_out permit udp any host 72.235.188.182 eq 27006
access-list acl_out permit udp any host 72.235.188.182 eq 27007
access-list acl_out permit udp any host 72.235.188.182 eq 27008
access-list acl_out permit udp any host 72.235.188.182 eq 27009
access-list acl_out permit udp any host 72.235.188.182 eq 27010
access-list acl_out permit udp any host 72.235.188.182 eq 27011
access-list acl_out permit udp any host 72.235.188.182 eq 27012
access-list acl_out permit udp any host 72.235.188.182 eq 27013
access-list acl_out permit udp any host 72.235.188.182 eq 27014
access-list acl_out permit udp any host 72.235.188.182 eq 27015
access-list acl_out permit udp any host 72.235.188.182 eq 27020
access-list acl_out permit tcp any host 72.235.188.182 eq 27015
access-list acl_out permit tcp any host 72.235.188.182 eq 27030
access-list acl_out permit tcp any host 72.235.188.182 eq 27031
access-list acl_out permit tcp any host 72.235.188.182 eq 27033
access-list acl_out permit tcp any host 72.235.188.182 eq 27034
access-list acl_out permit tcp any host 72.235.188.182 eq 27035
access-list acl_out permit tcp any host 72.235.188.182 eq 27036
access-list acl_out permit tcp any host 72.235.188.182 eq 27037
access-list acl_out permit tcp any host 72.235.188.182 eq 27038
access-list acl_out permit tcp any host 72.235.188.182 eq 27039
access-list acl_out permit tcp any host 72.235.188.182 eq 5900
access-list acl_out permit tcp any host 72.235.188.182 eq 5901
access-list acl_out permit tcp any host 72.235.188.182 eq 5800
access-list acl_out permit tcp any host 72.235.188.182 eq 5801
access-list acl_out permit tcp any host 72.235.188.182 eq ftp
access-list acl_out permit tcp any host 72.235.188.182 eq 22
access-list acl_out permit udp any host 72.235.188.182 eq 27021
access-list acl_out permit udp any host 72.235.188.182 eq 27022
access-list acl_out permit udp any host 72.235.188.182 eq 27023
access-list acl_out permit udp any host 72.235.188.182 eq 27024
access-list acl_out permit udp any host 72.235.188.182 eq 27025
access-list acl_out permit udp any host 72.235.188.182 eq 27026
access-list acl_out permit udp any host 72.235.188.182 eq 27027
access-list acl_out permit udp any host 72.235.188.182 eq 27028
access-list acl_out permit udp any host 72.235.188.182 eq 27029
access-list acl_out permit udp any host 72.235.188.182 eq 27030
access-list acl_out permit tcp any host 72.235.188.182 eq 27040
access-list acl_out permit tcp any host 72.235.188.182 eq 27041
access-list acl_out permit udp any host 72.235.188.182 eq 27040
access-list acl_out permit udp any host 72.235.188.182 eq 27041
access-list acl_out permit tcp any host 72.235.188.182 eq 6112
access-list acl_out permit udp any host 72.235.188.182 eq 6112
access-list acl_out permit tcp any host 72.235.188.182 eq 6113
access-list acl_out permit udp any host 72.235.188.182 eq 6113
access-list acl_out permit tcp any host 72.235.188.182 eq 6114
access-list acl_out permit udp any host 72.235.188.182 eq 6114
access-list acl_out permit tcp any host 72.235.188.182 eq 6115
access-list acl_out permit udp any host 72.235.188.182 eq 6115
access-list acl_out permit tcp any host 72.235.188.182 eq 6116
access-list acl_out permit udp any host 72.235.188.182 eq 6116
access-list acl_out permit tcp any host 72.235.188.182 eq 6117
access-list acl_out permit udp any host 72.235.188.182 eq 6117
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 72.235.188.178 255.255.255.240
ip address inside 10.0.0.1 255.255.255.0
pdm history enable
arp timeout 14400
global (outside) 1 72.235.188.179 netmask 255.255.255.240
nat (inside) 1 10.0.0.0 255.0.0.0 0 0                  <-- ?? or is it supposed to be nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 72.235.188.180 10.0.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 72.235.188.181 10.0.0.6 netmask 255.255.255.255 0 0
static (inside,outside) 72.235.188.182 10.0.0.11 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
conduit permit icmp any any echo-reply
route outside 0.0.0.0 0.0.0.0 72.235.188.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:e864f792f2984e7d1e183a133128121d
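
An added example, not part of the thread and not the poster's or Cisco's tooling: a re-addressing sanity check for a PIX 6.x config like the one above. It confirms that the default-route next hop, the global pool and every static sit inside the outside subnet, and that each host the ACL permits has a static translation. The function name `check_readdressing` and the `STALE_CONFIG` variant (using documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re

# Excerpt of the new PIX 6.1 config posted above (addresses as posted).
NEW_CONFIG = """\
access-list acl_out permit tcp any host 72.235.188.180 eq www
access-list acl_out permit udp any host 72.235.188.182 eq 28960
ip address outside 72.235.188.178 255.255.255.240
global (outside) 1 72.235.188.179 netmask 255.255.255.240
static (inside,outside) 72.235.188.180 10.0.0.5 netmask 255.255.255.255 0 0
static (inside,outside) 72.235.188.181 10.0.0.6 netmask 255.255.255.255 0 0
static (inside,outside) 72.235.188.182 10.0.0.11 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 72.235.188.177 1
"""

# Constructed variant: next hop and one ACL entry left on a stale
# (documentation-range) address, as can happen in a hand-edited migration.
STALE_CONFIG = (NEW_CONFIG
    .replace("0.0.0.0 72.235.188.177 1", "0.0.0.0 198.51.100.17 1")
    .replace("host 72.235.188.182 eq 28960", "host 198.51.100.21 eq 28960"))

def check_readdressing(config):
    """Return a list of findings for outside-side addresses that do not fit."""
    m = re.search(r"^ip address outside (\S+) (\S+)", config, re.M)
    if not m:
        return ["no 'ip address outside' line found"]
    outside = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    findings = []
    def require_on_link(label, addr):
        if ipaddress.ip_address(addr) not in outside:
            findings.append(f"{label} {addr} is not in outside subnet {outside}")
    for hop in re.findall(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        require_on_link("default-route next hop", hop)
    for pool in re.findall(r"^global \(outside\) \d+ (\d+\.\d+\.\d+\.\d+)", config, re.M):
        require_on_link("global pool address", pool)
    statics = set(re.findall(r"^static \(inside,outside\) (\S+) ", config, re.M))
    for addr in sorted(statics):
        require_on_link("static mapping", addr)
    acl_hosts = set(re.findall(r"^access-list \S+ permit \S+ any host (\S+)", config, re.M))
    for addr in sorted(acl_hosts - statics):
        findings.append(f"ACL permits host {addr} but no static translates it")
    return findings

if __name__ == "__main__":
    for name, cfg in (("posted excerpt", NEW_CONFIG), ("stale variant", STALE_CONFIG)):
        print(name, check_readdressing(cfg) or "consistent")
```

The posted excerpt produces no findings, so a config that passes this check can still fail for reasons outside the firewall's own addressing.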

ASKER CERTIFIED SOLUTION
mikecr

This solution is only available to members.

OGSan (ASKER):

Hi, Mike -
Thanks for your review of the config - we can't see anything wrong either.  I will ask your questions of our network admin and see what he says.  I'll be back.

OGSan (ASKER):

Hi, Mike - Here's more info:
PIX can ping the router - but not the internet.  Router can ping everywhere, no problems.
Reboots were done but no dice.

OGSan (ASKER):

We have fixed this problem.  No replies are necessary.  Awarding points to Mike for taking the time to review our configs and confirm that all looks fine.