https://community.cisco.com/t5/network-security/pix-501/m-p/102847#M671476 <HTML><HEAD></HEAD><BODY><P>For basic inside to outside connections without yet configuring for outside to in access. eg. All out, none in.</P><P>remove:</P><P>nat (inside) 0 access-list inside_access_in</P><P>access-list inside_access_in permit ip 192.168.1.0 255.255.255.0 any</P><P>Change:</P><P>global (outside) 1 *ISP ASSIGNED 2nd IP*</P><P>to</P><P>global (outside) 1 interface</P><P>add:</P><P>access-list 101 icmp any any</P><P>access-group 101 in interface outside</P><P>for testing ping. ICMP packets must be permitted back in. All other traffic by default is permitted inside to out.</P><P>clear xlate then check following link</P><P><A class="jive-link-custom" href="http://cisco.com/warp/customer/707/28.html" target="_blank">http://cisco.com/warp/customer/707/28.html</A></P></BODY></HTML> Thu, 14 Feb 2002 11:19:32 GMT turnbull 2002-02-14T11:19:32Z https://community.cisco.com/t5/network-security/pix-501/m-p/102846#M671465 <P>I have a PIX that I thought ws successfully setup, but apparently not. I can ping outside resources from within the PIX by IP address only, I cannot ping by DNS name(maybe by design?). However, the server attached to the switch from the PIX cannot get beyond the PIX. The server CAN ping the private address assigned to the PIX and vise-versa, but no outside traffice. Below is my configuration. Any help would be appreciated.</P><P></P><P>PIX Version 6.1(1)</P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>enable password OLKvKRtWYoX8k0LJ encrypted</P><P>passwd Dx7ZLAkN9r0yT5Q6 encrypted</P><P>hostname pixfirewall</P><P>domain-name 4layout.net</P><P>fixup protocol ftp 21</P><P>fixup protocol http 80</P><P>fixup protocol h323 1720</P><P>fixup protocol rsh 514</P><P>fixup protocol rtsp 554</P><P>fixup protocol smtp 25</P><P>fixup protocol sqlnet 1521</P><P>fixup protocol sip 5060</P><P>fixup protocol skinny 2000</P><P>names</P><P>access-list inside_access_in permit ip 192.168.1.0 255.255.255.0 any</P><P>pager lines 24</P><P>interface ethernet0 10baset</P><P>interface ethernet1 10full</P><P>mtu outside 1500</P><P>mtu inside 1500</P><P>ip address outside *ISP ASSIGNED IP* 255.255.255.128</P><P>ip address inside 192.168.1.1 255.255.255.0</P><P>ip audit info action alarm</P><P>ip audit attack action alarm</P><P>ip local pool pptp-pool 192.168.0.1-192.168.0.50</P><P>pdm logging informational 100</P><P>pdm history enable</P><P>arp timeout 14400</P><P>global (outside) 1 *ISP ASSIGNED 2nd IP*</P><P>nat (inside) 0 access-list inside_access_in</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>route outside 0.0.0.0 0.0.0.0 *ISP ASSIGNED GW* 1</P><P>timeout xlate 0:05:00</P><P>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si</P><P>p 0:30:00 sip_media 0:02:00</P><P>timeout uauth 0:05:00 absolute</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server RADIUS protocol radius</P><P>http server enable</P><P>http 192.168.1.0 255.255.255.0 inside</P><P>no snmp-server location</P><P>no snmp-server contact</P><P>snmp-server community public</P><P>no snmp-server enable traps</P><P>floodguard enable</P><P>no sysopt route dnat</P><P>telnet 192.168.1.0 255.255.255.0 inside</P><P>telnet timeout 5</P><P>ssh timeout 5</P><P>dhcpd lease 3600</P><P>dhcpd ping_timeout 750</P><P>terminal width 80</P><P></P> Fri, 21 Feb 2020 05:58:55 GMT https://community.cisco.com/t5/network-security/pix-501/m-p/102846#M671465 aparker 2020-02-21T05:58:55Z https://community.cisco.com/t5/network-security/pix-501/m-p/102847#M671476 <HTML><HEAD></HEAD><BODY><P>For basic inside to outside connections without yet configuring for outside to in access. eg. All out, none in.</P><P>remove:</P><P>nat (inside) 0 access-list inside_access_in</P><P>access-list inside_access_in permit ip 192.168.1.0 255.255.255.0 any</P><P>Change:</P><P>global (outside) 1 *ISP ASSIGNED 2nd IP*</P><P>to</P><P>global (outside) 1 interface</P><P>add:</P><P>access-list 101 icmp any any</P><P>access-group 101 in interface outside</P><P>for testing ping. ICMP packets must be permitted back in. All other traffic by default is permitted inside to out.</P><P>clear xlate then check following link</P><P><A class="jive-link-custom" href="http://cisco.com/warp/customer/707/28.html" target="_blank">http://cisco.com/warp/customer/707/28.html</A></P></BODY></HTML> Thu, 14 Feb 2002 11:19:32 GMT https://community.cisco.com/t5/network-security/pix-501/m-p/102847#M671476 turnbull 2002-02-14T11:19:32Z