Cisco PIX 525 firewall configuration query

I am attempting to setup a simple configuration on a Cisco PIX 525 firewall.

For whatever reason I cannot seem to get traffic to pass from the inside network to the internet.
starting from a blank firewall we have configured the inside interface and enabled ASDM on the internal network.  The rest of the configuration was carried out through ASDM configure the outide interface and allow all traffic from the internal network outbound.

However when we attempt to connect to any resource on the internet we fail to connect.
Logging shows the connections being created to the correct destination.

If we ping the default gateway from the internal network we get no response.  If we ping the default gateway from a console session on the firewall we get a response.  If we ping an internet address from the console seeion we also get a response.

Have I missed something obvious or should this configuration work?

Here is the configuration
: Saved
PIX Version 7.2(4)
hostname gw-test
enable password .xxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxx encrypted
interface Ethernet0
 nameif outside
 security-level 0
 ip address
interface Ethernet1
 nameif inside
 security-level 100
 ip address
interface GigabitEthernet0
 no nameif
 no security-level
 no ip address
ftp mode passive
dns server-group DefaultDNS
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
monitor-interface outside
monitor-interface inside
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 101 netmask
nat (inside) 101
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
: end
asdm image flash:/asdm
no asdm history enable
Who is Participating?
ksims1129Connect With a Mentor Commented:
this will fix the ability for traffic to traverse the firewall.

access-list NONAT permit ip
nat (inside) 0 access-list NONAT
question- can your workstations ping the inside interface of the pix?
how is  your default gateway of your internal network configured? Do your network switches point to the inside interface of the pix, i.e

ip route (or similar command depending on type of switch)

check your default gateways, as you state the inside of the asa can reach the internet, but the hosts cannot

by default, all inbound traffic is allowed out unless prevented by outbound access list.
Also, is the internal lan just a network, or are there other networks?
If so, then you need static route statements in the pix
you also need a nat access-list so that firewall knows what to translate. add the following to your config.

access-list NONAT permit ip
nat (inside) 0 access-list NONAT

the reason you can;t ping the internal interface is the firewall is routing it out to the internet. once you apply the two able lines of config it will work like a dream.
vodyanoiAuthor Commented:

Reading back through my post I realise I didn't make the situation completely clear.
So I will try again.
Internal network is just - default gateway is ( inside interface of the firewall )
My workstaion can ping the inside interface of the firewall
It cannot ping the outside interface of the firewall or anything beyond it. When I was talking about the default gateway I meant the public gateway as seen from the firewall ( )
apologies for any confusion this may have caused

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.