Pix + Broadband

semaj9991 — Fri, 21 Feb 2020 06:51:58 GMT

I've been researching this problem for several days now, and have come up totally short in terms of finding a solution. I have a PIX 515 with an internal network range of 10.10.0.0/8 behind it and a single external IP I obtain via DHCP [cable]. I have the PIX inside configured as 10.10.0.1 and I have it using DHCP to obtain an IP for the external address.

Now here's the problem: I can ping the other 10.10.0.0/8 machines

from the PIX, and I can ping outside IPs from the PIX. However, I cannot

get the traffic to route from the internal network through the PIX using

PAT.

I think I am missing some route command to send all 0 0 traffic from the inside to the outside, but ??

I am still learning so any extra info would be appreciated as well.

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxx

encrypted

passwd xxxx

encrypted

hostname test

domain-name test

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list acl_grp permit icmp any any

pager lines 24

logging on

logging buffered debugging

interface ethernet0 auto

interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 10.10.0.1 255.0.0.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

conduit permit icmp any any

rip inside default version 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 a

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http xxx.xxx.3.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

no floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

dhcpd address 10.10.0.10-10.10.0.50 inside

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd domain rw.com

dhcpd enable inside

terminal width 80

Cryptochecksum:

: end

Re: Pix + Broadband

tvanginneken — Mon, 21 Jul 2003 14:47:04 GMT

Hi,

the default route is set by the 'setroute' parameter of the 'ip address' command. So that ok.

That nat/global statement also seem ok. Every packets that goes out is hidden by the outside interface address.

You are trying to mix conduits and access-lists. This may cause the problems. Remove the conduit command for the icmp and use only the access-list command. Make sure to bind the access-list to the outside interface:

no conduit permit icmp any any

access-list acl_grp permit icmp any any

access-group acl-grp in interface outside

These lines allow all inbound icmp traffic from the outside to the inside. May be you should narrow it down to only icmp echo replies packets.

Kind Regards,

Tom

topic Pix + Broadband in Network Security

Pix + Broadband

Re: Pix + Broadband