• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 247
  • Last Modified:

Can not get to th5 internet using the pix 515 after reconfig.

I just configured a pix 515, but we can not get to the internet. Below is the config for the pix. I have replaced our outside ip with 111.111.111.111 and the isp's gateway address is the ip starting with 75.95.    .  I used the ASDM to configure it, but I can try any commands that you might want to try. Thanks

asdm image flash:/asdm-506.bin
no asdm history enable
: Saved
:
PIX Version 7.0(6)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password raHZQL7ms9rnBSaV encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 75.95.8o.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.30-192.168.100.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:8cdfcde6b19a5f6c0aa95aa3d7d8b342
: end

0
netcomp
Asked:
netcomp
  • 4
  • 2
2 Solutions
 
netcompAuthor Commented:
anyone out there?
0
 
Alan Huseyin KayahanCommented:
   Hi netcomp
     Add the following in CLI
      global (outside) 1 interface

Regards
0
 
netcompAuthor Commented:
Ok, I will do that.

What does that do. Or what was I missing. I am new to the pix and want to learn. Thank you,
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Alan Huseyin KayahanCommented:
   Hi netcomp
        PIX is not a router. When you enter a NAT statement as nat (inside) 1 0 0, it should have a global statement, which represents the IP address/interface that inside is NATted. As you enter global (outside) 1 interface, the network specified in NAT statement, which belongs to group 1, will be address translated to outside interface address. In your case, all inside traffic (0.0.0.0 means any) will be addres translated to outside interface IP. This is also known as many-to-one NAT (PAT). You can specify a pool for global statement also

Regards
0
 
Alan Huseyin KayahanCommented:
Can you please tell me which question of you that I didnt answer made you not to collaborate and not to keep informing about the current status of the issue and try to solve it on your own? Besides what extra configuration did you enter and made it work?

Regards
0
 
Alan Huseyin KayahanCommented:
modus_operandi,
   Sorry about that, I didnt check the points portion, I just saw the "I figured it out myself" comment and responded to that comment only
   
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now