Solved

Cannot get to the internet using the PIX 515 after reconfig.

Posted on 2007-11-18
Last Modified: 2010-04-09
I just configured a PIX 515, but we cannot get to the internet. Below is the config for the PIX. I have replaced our outside IP with 111.111.111.111, and the ISP's gateway address is the IP starting with 75.95.    .  I used the ASDM to configure it, but I can try any commands that you might want to try. Thanks

asdm image flash:/asdm-506.bin
no asdm history enable
: Saved
:
PIX Version 7.0(6)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password raHZQL7ms9rnBSaV encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 75.95.8o.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.30-192.168.100.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:8cdfcde6b19a5f6c0aa95aa3d7d8b342
: end

Question by:netcomp
8 Comments
 
LVL 1

Author Comment

by:netcomp
ID: 20309993
Anyone out there?
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 500 total points
ID: 20311351
   Hi netcomp
     Add the following in CLI
      global (outside) 1 interface

Regards
 
LVL 1

Author Comment

by:netcomp
ID: 20317004
Ok, I will do that.

What does that do? Or what was I missing? I am new to the PIX and want to learn. Thank you,
 
LVL 29

Accepted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 500 total points
ID: 20318847
   Hi netcomp
        PIX is not a router. When you enter a NAT statement as nat (inside) 1 0 0, it should have a global statement, which represents the IP address/interface that inside is NATted to. As you enter global (outside) 1 interface, the network specified in the NAT statement, which belongs to group 1, will be address translated to the outside interface address. In your case, all inside traffic (0.0.0.0 means any) will be address translated to the outside interface IP. This is also known as many-to-one NAT (PAT). You can also specify a pool for the global statement.

Regards
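
The nat/global pairing described in the answer above can be checked mechanically. The following is an added example, not part of the original thread: `audit_nat` and its finding names are hypothetical, and the sample configs are constructed from lines shown on this page. It also flags NAT ID 0, which the posted config uses and which PIX treats as "do not translate", so a global statement never applies to it.

```python
import re

# Constructed inputs. POSTED keeps only the NAT-relevant lines of the config
# in the question; FIXED uses the nat/global pair named in the accepted answer.
POSTED = """\
interface Ethernet0
 nameif outside
interface Ethernet1
 nameif inside
nat (inside) 0 0.0.0.0 0.0.0.0
"""
FIXED = """\
interface Ethernet0
 nameif outside
interface Ethernet1
 nameif inside
global (outside) 1 interface
nat (inside) 1 0 0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ", re.M)
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ", re.M)


def audit_nat(config):
    """Hypothetical helper: return (finding, interface, nat_id) tuples."""
    nats = [(ifc, int(n)) for ifc, n in NAT_RE.findall(config)]
    globals_ = [(ifc, int(n)) for ifc, n in GLOBAL_RE.findall(config)]
    nat_ids = {n for _, n in nats}
    global_ids = {n for _, n in globals_}
    findings = []
    for ifc, nat_id in nats:
        if nat_id == 0:
            # ID 0 = no translation: inside hosts leave with their own
            # (here RFC 1918) source addresses, so replies never return.
            findings.append(("NO_TRANSLATION", ifc, nat_id))
        elif nat_id not in global_ids:
            findings.append(("NAT_WITHOUT_GLOBAL", ifc, nat_id))
    for ifc, gid in globals_:
        if gid not in nat_ids:
            findings.append(("GLOBAL_WITHOUT_NAT", ifc, gid))
    return findings


if __name__ == "__main__":
    with_global = POSTED + "global (outside) 1 interface\n"
    for name, cfg in (("posted", POSTED), ("posted + global", with_global), ("fixed", FIXED)):
        print(name, audit_nat(cfg))
```
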
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 22970621
Can you please tell me which question of yours that I didn't answer made you not collaborate, not keep informing about the current status of the issue, and try to solve it on your own? Besides, what extra configuration did you enter that made it work?

Regards
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 22975648
modus_operandi,
   Sorry about that, I didn't check the points portion, I just saw the "I figured it out myself" comment and responded to that comment only.