Cannot Ping outside Pix 506e from inside

Posted on 2009-12-29
Last Modified: 2012-05-08
I'm in the process of chaning ISP's(Sprint to ATT) and I need to change my Pix 506e configuration.  My Pix skills are very basic.  I copied the existing Sprint config and pasted it into Notepad.  I replaced all the existing Sprint IP addresses with the new ATT addresses and then copied/pasted into terminal and write mem.  

Currently, I cannot ping the outside ethernet from the inside ehternet or get out to the internet.  Thanks for your help in advance.

Here's a copy of the config.  
interface ethernet0 10full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list outside-in permit icmp any any
access-list outside-in permit tcp any host eq smtp
access-list outside-in permit tcp any host eq https
access-list outside-in permit tcp any host eq www
access-list outside-in permit tcp any host eq pptp
access-list outside-in permit gre any host
access-list outside-in permit udp any host eq snmptrap
access-list dantel1 permit ip
access-list dantel1 permit ip any
access-list splitdantel1 permit ip
access-list outside_cryptomap_dyn_21 permit ip any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
ip local pool dantelpool
pdm location inside
pdm location inside
pdm location outside
pdm location inside
pdm location outside
pdm location inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list dantel1
nat (inside) 1 0 0
static (inside,outside) udp snmptrap snmptrap netmask 0 0
static (inside,outside) netmask 0 0
static (inside,outside) netmask 0 0
access-group outside-in in interface outside
route outside 1
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto dynamic-map cisco 21 match address outside_cryptomap_dyn_21
crypto dynamic-map cisco 21 set transform-set myset
crypto map newmap 10 ipsec-isakmp dynamic cisco
crypto map newmap client authentication partnerauth
crypto map newmap interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet inside
Question by:tcarrillo
    LVL 9

    Expert Comment


    well there is nothing here to do except change the IP addresses. I would like to know if you have set the default route for the new network range.

    a) Change IP address of the outside interface
    b) Take a note of existing NATs and PATs
    c) Remove existing NATs and PATs
    d) Enter new NATs and PATs with the corresponding new IP address(es)
    e) Remove the old default route
    f) Add a new default route
    g) Rewrite the access-lists with the new corresponding IP address(es).

    This should be a straightforward task.


    Author Comment

    I'm sure it is very straight forward for someone who knows what he is doing.  I do not fall into this group.

    I cannot tell from your response if what I did is acceptable.  NOTE: The config shown is the running config for the new ISP.  Everything has been changed but it is not working.  The config reads line for line like the old config but has the new IP addresses in it.

    I thought a starting place would be to solve why I can't ping the outside IP address.  What do I do from here?

    Accepted Solution

    Many hours later I now know how to configure a Pix 506e.  The config above worked once it was correctly saved to the Pix.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
    Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now