Solved

configure pix with dsl 837

Posted on 2010-01-06
Last Modified: 2012-05-08
I need help configuring my PIX 501 firewall.
How do I get the PC with IP address 192.168.0.2 on the internet?

Thanks for your response.


INTERNET
       |
       |
       |
 ROUTER 837
       |
       |
   PIX501 (int dhcp with 837)
       |
       |
192.168.0.2


pixfirewall# show run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name mydomain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
rip outside passive version 1
rip inside passive version 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
username dexter password uN3MgqA1lJAVWEBl encrypted privilege 2
terminal width 80
Cryptochecksum:9b95b19a5edc7dd6c34438829b28d518
: end
pixfirewall#
Question by:snoozeit

Accepted Solution

by:
MikeKane earned 2000 total points
ID: 26196898
The config looks good to me....  

Check the following

1) make sure the PC is getting translated... try to get outbound on the PC, then do a "show xlate" on the PIX. You should see an entry for your PC.

2) make sure the pix can get outbound.   From the PIX Command line, try pinging the public internet (i.e. ping 4.2.2.2)   You should get a reply.  

3) If the pix can ping and the pc is NATing, try pinging outbound to the same address from the PC.   "ping 4.2.2.2"  

4) See if you have any ip connectivity or perhaps some other issue like a dns problem.  


Author Comment

by:snoozeit
ID: 26197040
Hi Mike,

Thanks for your reply,

I can ping from the pix cli to the router interface and also any public ip address.

I used a public dns so I can now access the internet from the pc.

I cannot ping from the pc to anywhere (the router interface 192.168.1.1 or any public ip address); looks like the pix is blocking icmp packets.

Regards.

James.


Assisted Solution

by:MikeKane
MikeKane earned 2000 total points
ID: 26197466
Ah, the PIX will need some commands to allow the ping to pass through properly.   You will need something like the following:


access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-group 101 in interface outside


That should allow you to ping from the internal PC.
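
The ACL from the answer above, modelled as an added example (not part of the original thread, and not Cisco code): a small Python evaluator using first-match-wins and the implicit deny at the end of an access list. It shows that the list lets replies to the PC's pings back in on the outside interface while an echo request arriving from the internet is still dropped. The parser handles only the `permit|deny icmp any any [type]` form used here, and the function names are hypothetical.

```python
import re

# The ACL and its binding, copied from the answer above.
ACL_101 = """\
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-group 101 in interface outside
"""

# Standard ICMP type numbers for the keywords used above, plus echo (request).
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "source-quench": 4,
              "echo": 8, "time-exceeded": 11}

ACE_RE = re.compile(r"^access-list (\S+) (permit|deny) icmp any any(?: (\S+))?$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def parse(config):
    """Return ({acl_id: [(action, icmp_type_or_None)]}, {interface: acl_id})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE_RE.match(line):
            acl_id, action, name = m.groups()
            icmp_type = ICMP_TYPES[name] if name else None  # None = any type
            acls.setdefault(acl_id, []).append((action, icmp_type))
        elif m := GROUP_RE.match(line):
            bindings[m.group(2)] = m.group(1)
    return acls, bindings

def outside_inbound_icmp(config, icmp_type):
    """Return 'permit' or 'deny' for an ICMP packet arriving on the outside."""
    acls, bindings = parse(config)
    acl_id = bindings.get("outside")
    if acl_id is None:
        # No ACL bound: traffic from the lower-security outside interface
        # toward the inside is dropped, which is the symptom in the thread.
        return "deny"
    for action, ace_type in acls.get(acl_id, []):
        if ace_type is None or ace_type == icmp_type:
            return action  # first matching entry wins
    return "deny"  # implicit deny at the end of every access list

if __name__ == "__main__":
    for name in ("echo-reply", "time-exceeded", "echo"):
        print(name, "->", outside_inbound_icmp(ACL_101, ICMP_TYPES[name]))
```
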


Author Comment

by:snoozeit
ID: 26197517
Awesome that did it for now : )

