asked on

Cisco PIX 515 Reconfiguration for new T-1 Line

Hi All,

I am having trouble with reconfiguring our PIX 515 for our new data line. We're currently on a Frame Relay and are changing over to a T-1 from another provider. After making the necessary changes to the router configuration, I am able to able to surf the Internet by connecting a laptop directly up to the router using a cross-over cable, so I know the new T-1 line is provisioned correctly for Internet traffic.

Lasptop Settings:
Laptop IP Address: 67.200.135.194
Subnet: 255.255.255.248
Default Gateway: 67.200.135.193 (Routers IP Address)
DNS: 66.196.212.10

Using the same router configuration and making the necessary changes in the PIX, I cant access the Internet. After making the changes to the PIX and writing them to memory, I reboot the PIX and the router, but Internet traffic does not flow.

Below are the changes that I made to the router. After implementing the changes, I was able to hook a laptop up directly to the router (using a cross-over cable) and use the Internet, so I know the data line is provisioned and working correctly. The technician from Logix also did the same.

ip domain-lookup
!
ip name-server 66.196.212.10
ip name-server 216.201.128.10

!

interface FastEthernet0/0
description public addresses for ethernet LAN
ip address 67.200.135.193 255.255.255.248
duplex auto
speed auto
!
interface Serial0/0
description T1 Connection to Logix
ip address 10.44.128.170 255.255.255.252
encapsulation HDLC
no ip directed-broadcast
service-module t1 timeslots 1-24
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.44.128.169

Any ideas what I am doing wrong? We do also have a "Point-toPoint" data line installed that goes directly to our office in Taiwan. It's internal address is 192.168.10.254. I am going to attempt the changes again Friday evening after work.

Thank you very much.
2621-011508.TXT
csb-att-ip.pdf
csb-logix-ip.pdf
ip-asddress-translation.xls
Pix-011508.doc
pix-after-changes-0108.doc

batry_boy

The first thing that I see when I look at your "pix-after-changes-0108.doc" configuration, is that you are NAT'ing your internal traffic to a public IP that is not in your new public block of IP addresses. See the command below:

global (outside) 1 67.200.135.206

Your public range is 67.200.135.192/29, which includes useable addresses between .193-.198 and does not include .206 as in the global command above. Change your global to use one of the public addresses in your range and try again. Use these commands:

no global (outside) 1 67.200.135.206
global (outside) 1 67.200.135.xxx <---whichever one between .195-.198 you desire, since .193-.194 are used
clear xlate

You also have some static translations and conduit statements that you will have to modify as well, for the same reason as stated above.

Hope that helps...

bearnkat

ASKER

Thank you I apprecaite the help very much, I'll give the configuration changes a try tomorrow evening after work and let you know the outcome.

Chuck

bearnkat

ASKER

batry_boy:

After what you pointed out I started looking at the IP configuration sheet that Logix provided. I didn't even think about checking the public IP address range against the subnet. They have the subnet down as 255.255.255.248. They made a typo and it should have been 255.255.255.240. That will make all the difference in the world I'll be taking care of the configuration change this evening and will let you know the outcome.

Thank you again,

Chuck

ASKER CERTIFIED SOLUTION

batry_boy

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

bearnkat

ASKER

Success! Thank you so much. All is working perfectly now. I feel I should charge the provider for my time since they made the typo!

Thank you again for your expert assistance!

Chuck

bearnkat

ASKER

Absolutely outstanding help! Thank you, thank you!