netcomp
asked on
Can not get to th5 internet using the pix 515 after reconfig.
I just configured a pix 515, but we can not get to the internet. Below is the config for the pix. I have replaced our outside ip with 111.111.111.111 and the isp's gateway address is the ip starting with 75.95. . I used the ASDM to configure it, but I can try any commands that you might want to try. Thanks
asdm image flash:/asdm-506.bin
no asdm history enable
: Saved
:
PIX Version 7.0(6)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password raHZQL7ms9rnBSaV encrypted
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 111.111.111.111 255.255.255.248
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 75.95.8o.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.30-192.168.100
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:8cdfcde6b19
: end
asdm image flash:/asdm-506.bin
no asdm history enable
: Saved
:
PIX Version 7.0(6)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password raHZQL7ms9rnBSaV encrypted
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
ip address 111.111.111.111 255.255.255.248
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 75.95.8o.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.30-192.168.100
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:8cdfcde6b19
: end
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I will do that.
What does that do. Or what was I missing. I am new to the pix and want to learn. Thank you,
What does that do. Or what was I missing. I am new to the pix and want to learn. Thank you,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you please tell me which question of you that I didnt answer made you not to collaborate and not to keep informing about the current status of the issue and try to solve it on your own? Besides what extra configuration did you enter and made it work?
Regards
Regards
modus_operandi,
Sorry about that, I didnt check the points portion, I just saw the "I figured it out myself" comment and responded to that comment only
Sorry about that, I didnt check the points portion, I just saw the "I figured it out myself" comment and responded to that comment only
ASKER