Solved

Can not get to th5 internet using the pix 515 after reconfig.

Posted on 2007-11-18
8
231 Views
Last Modified: 2010-04-09
I just configured a pix 515, but we can not get to the internet. Below is the config for the pix. I have replaced our outside ip with 111.111.111.111 and the isp's gateway address is the ip starting with 75.95.    .  I used the ASDM to configure it, but I can try any commands that you might want to try. Thanks

asdm image flash:/asdm-506.bin
no asdm history enable
: Saved
:
PIX Version 7.0(6)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password raHZQL7ms9rnBSaV encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 75.95.8o.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.30-192.168.100.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:8cdfcde6b19a5f6c0aa95aa3d7d8b342
: end

0
Comment
Question by:netcomp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 1

Author Comment

by:netcomp
ID: 20309993
anyone out there?
0
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 500 total points
ID: 20311351
   Hi netcomp
     Add the following in CLI
      global (outside) 1 interface

Regards
0
 
LVL 1

Author Comment

by:netcomp
ID: 20317004
Ok, I will do that.

What does that do. Or what was I missing. I am new to the pix and want to learn. Thank you,
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 500 total points
ID: 20318847
   Hi netcomp
        PIX is not a router. When you enter a NAT statement as nat (inside) 1 0 0, it should have a global statement, which represents the IP address/interface that inside is NATted. As you enter global (outside) 1 interface, the network specified in NAT statement, which belongs to group 1, will be address translated to outside interface address. In your case, all inside traffic (0.0.0.0 means any) will be addres translated to outside interface IP. This is also known as many-to-one NAT (PAT). You can specify a pool for global statement also

Regards
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 22970621
Can you please tell me which question of you that I didnt answer made you not to collaborate and not to keep informing about the current status of the issue and try to solve it on your own? Besides what extra configuration did you enter and made it work?

Regards
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 22975648
modus_operandi,
   Sorry about that, I didnt check the points portion, I just saw the "I figured it out myself" comment and responded to that comment only
   
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question