topic PIX Version 7.0(2) - very strange problem in Network Security https://community.cisco.com/t5/network-security/pix-version-7-0-2-very-strange-problem/m-p/451305#M532643 <P>HI All,</P><P>i have a pix 515 with two ethernet port.</P><P>Problem: Pix work good but if i reload pix, inside network not access in internet (outside), if i reconfigure global and nat parameter it work correctly.</P><P>If there are error in my configuration , where is?</P><P>This is my sample configuration:</P><P>*****************************************</P><P>: Saved</P><P>: Written by enable_15 at 19:11:42.266 GMT Wed Sep 28 2005</P><P></P><P>PIX Version 7.0(2) </P><P>names</P><P>name 192.168.149.1 IperRouter</P><P>name 192.168.149.2 IperSwitch1</P><P>name 10.10.10.1 RouterISPTelecom</P><P>name 192.168.0.0 LocalLAN</P><P>!</P><P>interface Ethernet0</P><P> description Interfaccia Interna LOCAL</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.149.3 255.255.255.128 </P><P>!</P><P>interface Ethernet1</P><P> description Interfaccia Esterna PUBBLIC</P><P> nameif outside</P><P> security-level 0</P><P> ip address 10.10.10.10 255.255.255.0 </P><P>!</P><P>enable password xxxx</P><P>passwd xxxx</P><P>hostname PIXFW</P><P>domain-name sample.com</P><P>ftp mode passive</P><P>clock timezone GMT 1</P><P>object-group service USER-SERVICE tcp</P><P> port-object eq www</P><P> port-object eq domain</P><P> port-object eq https</P><P>access-list inside_out extended permit tcp 192.168.149.0 255.255.255.128 any object-group USER-SERVICE </P><P>pager lines 24</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>no failover</P><P>monitor-interface inside</P><P>monitor-interface outside</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>route outside 0.0.0.0 0.0.0.0 RouterISPTelecom 1</P><P>timeout xlate 0:05:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00</P><P>timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>username xxxx password xxxxx privilege 15</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server enable traps snmp</P><P>telnet 192.168.149.4 255.255.255.255 inside</P><P>telnet timeout 60</P><P>ssh timeout 5</P><P>console timeout 0</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns maximum-length 512 </P><P> inspect ftp </P><P> inspect h323 h225 </P><P> inspect h323 ras </P><P> inspect netbios </P><P> inspect rsh </P><P> inspect rtsp </P><P> inspect skinny </P><P> inspect esmtp </P><P> inspect sqlnet </P><P> inspect sunrpc </P><P> inspect tftp </P><P> inspect sip </P><P> inspect xdmcp </P><P>!</P><P>service-policy global_policy global</P><P>Cryptochecksum:3feecbf2b67c2afd60867adbeec50c13</P><P>: end</P><P>*****************************************</P><P></P><P></P><P></P> Fri, 21 Feb 2020 08:25:50 GMT e.deangelis 2020-02-21T08:25:50Z PIX Version 7.0(2) - very strange problem https://community.cisco.com/t5/network-security/pix-version-7-0-2-very-strange-problem/m-p/451305#M532643 <P>HI All,</P><P>i have a pix 515 with two ethernet port.</P><P>Problem: Pix work good but if i reload pix, inside network not access in internet (outside), if i reconfigure global and nat parameter it work correctly.</P><P>If there are error in my configuration , where is?</P><P>This is my sample configuration:</P><P>*****************************************</P><P>: Saved</P><P>: Written by enable_15 at 19:11:42.266 GMT Wed Sep 28 2005</P><P></P><P>PIX Version 7.0(2) </P><P>names</P><P>name 192.168.149.1 IperRouter</P><P>name 192.168.149.2 IperSwitch1</P><P>name 10.10.10.1 RouterISPTelecom</P><P>name 192.168.0.0 LocalLAN</P><P>!</P><P>interface Ethernet0</P><P> description Interfaccia Interna LOCAL</P><P> nameif inside</P><P> security-level 100</P><P> ip address 192.168.149.3 255.255.255.128 </P><P>!</P><P>interface Ethernet1</P><P> description Interfaccia Esterna PUBBLIC</P><P> nameif outside</P><P> security-level 0</P><P> ip address 10.10.10.10 255.255.255.0 </P><P>!</P><P>enable password xxxx</P><P>passwd xxxx</P><P>hostname PIXFW</P><P>domain-name sample.com</P><P>ftp mode passive</P><P>clock timezone GMT 1</P><P>object-group service USER-SERVICE tcp</P><P> port-object eq www</P><P> port-object eq domain</P><P> port-object eq https</P><P>access-list inside_out extended permit tcp 192.168.149.0 255.255.255.128 any object-group USER-SERVICE </P><P>pager lines 24</P><P>mtu inside 1500</P><P>mtu outside 1500</P><P>no failover</P><P>monitor-interface inside</P><P>monitor-interface outside</P><P>no asdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>route outside 0.0.0.0 0.0.0.0 RouterISPTelecom 1</P><P>timeout xlate 0:05:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02</P><P>timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00</P><P>timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>username xxxx password xxxxx privilege 15</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server enable traps snmp</P><P>telnet 192.168.149.4 255.255.255.255 inside</P><P>telnet timeout 60</P><P>ssh timeout 5</P><P>console timeout 0</P><P>!</P><P>class-map inspection_default</P><P> match default-inspection-traffic</P><P>!</P><P>!</P><P>policy-map global_policy</P><P> class inspection_default</P><P> inspect dns maximum-length 512 </P><P> inspect ftp </P><P> inspect h323 h225 </P><P> inspect h323 ras </P><P> inspect netbios </P><P> inspect rsh </P><P> inspect rtsp </P><P> inspect skinny </P><P> inspect esmtp </P><P> inspect sqlnet </P><P> inspect sunrpc </P><P> inspect tftp </P><P> inspect sip </P><P> inspect xdmcp </P><P>!</P><P>service-policy global_policy global</P><P>Cryptochecksum:3feecbf2b67c2afd60867adbeec50c13</P><P>: end</P><P>*****************************************</P><P></P><P></P><P></P> Fri, 21 Feb 2020 08:25:50 GMT https://community.cisco.com/t5/network-security/pix-version-7-0-2-very-strange-problem/m-p/451305#M532643 e.deangelis 2020-02-21T08:25:50Z Re: PIX Version 7.0(2) - very strange problem https://community.cisco.com/t5/network-security/pix-version-7-0-2-very-strange-problem/m-p/451306#M532646 <HTML><HEAD></HEAD><BODY><P>the config seems right. collect some syslog messages when it is failing (before you reconfigure the nat/global)</P><P></P><P>thanks</P><P>Nadeem</P></BODY></HTML> Sun, 02 Oct 2005 23:35:04 GMT https://community.cisco.com/t5/network-security/pix-version-7-0-2-very-strange-problem/m-p/451306#M532646 nkhawaja 2005-10-02T23:35:04Z