Solved

Can not get to th5 internet using the pix 515 after reconfig.

Posted on 2007-11-18
8
230 Views
Last Modified: 2010-04-09
I just configured a pix 515, but we can not get to the internet. Below is the config for the pix. I have replaced our outside ip with 111.111.111.111 and the isp's gateway address is the ip starting with 75.95.    .  I used the ASDM to configure it, but I can try any commands that you might want to try. Thanks

asdm image flash:/asdm-506.bin
no asdm history enable
: Saved
:
PIX Version 7.0(6)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password raHZQL7ms9rnBSaV encrypted
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 75.95.8o.230 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.30-192.168.100.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:8cdfcde6b19a5f6c0aa95aa3d7d8b342
: end

0
Comment
Question by:netcomp
  • 4
  • 2
8 Comments
 
LVL 1

Author Comment

by:netcomp
ID: 20309993
anyone out there?
0
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 500 total points
ID: 20311351
   Hi netcomp
     Add the following in CLI
      global (outside) 1 interface

Regards
0
 
LVL 1

Author Comment

by:netcomp
ID: 20317004
Ok, I will do that.

What does that do. Or what was I missing. I am new to the pix and want to learn. Thank you,
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 29

Accepted Solution

by:
Alan Huseyin Kayahan earned 500 total points
ID: 20318847
   Hi netcomp
        PIX is not a router. When you enter a NAT statement as nat (inside) 1 0 0, it should have a global statement, which represents the IP address/interface that inside is NATted. As you enter global (outside) 1 interface, the network specified in NAT statement, which belongs to group 1, will be address translated to outside interface address. In your case, all inside traffic (0.0.0.0 means any) will be addres translated to outside interface IP. This is also known as many-to-one NAT (PAT). You can specify a pool for global statement also

Regards
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 22970621
Can you please tell me which question of you that I didnt answer made you not to collaborate and not to keep informing about the current status of the issue and try to solve it on your own? Besides what extra configuration did you enter and made it work?

Regards
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 22975648
modus_operandi,
   Sorry about that, I didnt check the points portion, I just saw the "I figured it out myself" comment and responded to that comment only
   
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guest Wi-Fi Time out 3 31
Cisco IPSec VPN Connection with Mac only sees Public folder 19 45
Cisco Switch VLAN voice and Data 2 40
Error after upgrade of 3850s 15 51
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question