
NAT on cisco pix

aaresearch asked
Last Modified: 2010-04-09
Hi there,

I am using a Cisco PIX 506E as a firewall between a DSL router and my LAN. I would like to get out to the internet using a PC inside the LAN. The problem is I can't ping the outside interface of the firewall from the PC; I can only ping the inside interface. I guess I need to set up NAT? Can someone help?

Thanks!

Here's the conf

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside_access_in permit icmp any any echo-reply log
access-list inside_access_in permit tcp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.2 255.255.255.0
ip address inside 192.168.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
terminal width 80

Systems Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:

Author

Commented:
Thanks for the comment, Irmoore. I added those commands and still can't ping the router from the inside host. Any idea? Thanks
Les Moore, Systems Architect

Commented:
I would suggest putting the router in bridge mode and letting the PIX get the public IP, but you should be able to get out. What is the router's IP supposed to be? 192.168.1.254? That is the IP that you should use as the route outside.
Can you ping the router from the PIX itself?

Author

Commented:
I had to add this command
global (outside) 1 192.168.1.2-192.168.1.254 netmask 255.255.255.0
it works now, thanks
Les Moore, Systems Architect

Commented:
You should not have had to add that because you already have this, and it is all you need:
 global (outside) 1 interface

Author

Commented:
I think that did not work because it included the interface IP; maybe it was something else then.

Thanks
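
Added example (not part of the thread and not any poster's code): a Python check of the posted PIX 6.3 configuration for the points the thread discusses, namely nat/global pairing, a global pool that includes the interface address, and a default route on outside. It goes beyond the thread by also checking what the ACL bound to the inside interface permits; the function names and finding texts are hypothetical.

```python
import ipaddress

# Constructed input: the NAT-relevant lines of the configuration posted in the
# question, plus the global pool the asker added later in the thread.
POSTED = """\
access-list inside_access_in permit icmp any any echo-reply log
access-list inside_access_in permit tcp any any
ip address outside 192.168.1.2 255.255.255.0
ip address inside 192.168.2.1 255.255.255.0
global (outside) 1 interface
global (outside) 1 192.168.1.2-192.168.1.254 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside
"""

def passes_echo(rule):
    """True if a permit rule (tokens after 'permit') lets icmp echo through."""
    typ = rule[-1] if rule[-1] != "any" and "." not in rule[-1] else None
    return rule[0] == "ip" or (rule[0] == "icmp" and typ in (None, "echo", "8"))

def audit(config):
    """Return findings that affect outbound traffic through a PIX 6.x config."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    out = []
    addr = {l[2]: ipaddress.ip_address(l[3]) for l in lines if l[:2] == ["ip", "address"]}
    nat_ids = {l[2] for l in lines if l[0] == "nat"} - {"0"}  # id 0 = no translation
    pools = [(l[1].strip("()"), l[2], l[3]) for l in lines if l[0] == "global"]
    for nid in sorted(nat_ids - {p[1] for p in pools}):
        out.append(f"nat id {nid} has no matching global")
    for ifc, _, pool in pools:
        if "-" in pool and ifc in addr:
            lo, hi = (ipaddress.ip_address(a) for a in pool.split("-"))
            if lo <= addr[ifc] <= hi:
                out.append(f"global pool {pool} contains the {ifc} interface address")
    if not any(l[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"] for l in lines):
        out.append("no default route on outside")
    # An ACL bound inbound on an interface filters what hosts behind it may send;
    # anything not permitted falls to the implicit deny at the end of the list.
    for grp in (l for l in lines if l[0] == "access-group" and l[2] == "in"):
        rules = [l[3:] for l in lines if l[:3] == ["access-list", grp[1], "permit"]]
        rules = [[t for t in r if t != "log"] for r in rules]
        if not {r[0] for r in rules} & {"udp", "ip"}:
            out.append(f"{grp[1]}: udp not permitted (DNS over UDP is dropped)")
        if not any(passes_echo(r) for r in rules):
            out.append(f"{grp[1]}: icmp echo not permitted (outbound pings are dropped)")
    return out

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```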