Can't ping PC from PIX515

nateleduc · ‎06-15-2012

I am unable to ping my computer (attached via crossover). I can ping from the PC, but not from the PIX515. I'm using ethernet 1, and I have its IP set at 192.168.1.2/24, but for what ever reason I am unable to contact the computer. I tried messing with the access list a little bit but nothing so far.

PIX515(config)# show run

: Saved

:

PIX Version 6.3(5)

interface ethernet0 auto shutdown

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname PIX515

domain-name MAIN

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list 120 permit ip any any

access-list 120 permit icmp any any echo

access-list 101 permit icmp any any echo

access-list 101 permit icmp any any echo-reply

pager lines 24

icmp permit any echo-reply inside

mtu outside 1500

mtu inside 1500

no ip address outside

ip address inside 192.168.1.2 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.1.69 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:648285e620f020193b6f804e00e01864

: end

PIX515(config)#

Jennifer Halim · ‎06-15-2012

Pls kindly add the following:

icmp permit any inside

Also, does your PC have any firewall that might be blocking ping?

What is your PC ip address and subnet mask?

nateleduc · ‎06-15-2012

Thanks for the response.

That did not work either. One weird thing is that even in monitor mode I can't ping, but I can be pinged.

PIX:192.168.1.2/24

PC:192.168.1.69/24

Also my firewall is turned off currently

~Nathan

Jennifer Halim · ‎06-15-2012

Indeed weird. If you try to change its ip address to something else, 192.168.1.100/24, does it work? I assume that it only has 1 NIC?

nateleduc · ‎06-15-2012

Change what, the computer or the PIX?
Here is my exact output for monitor mode. Computer has a static IP, also its direct connection, no switch in between.

I think my PIX might be defective.

PIX BIOS (4.0) #0: Tue May 18 16:29:54 PDT 1999

Platform PIX-515

Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.

Use SPACE to begin flash boot immediately.

Flash boot interrupted.

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Using 1: i82559 @ PCI(bus:0 dev:14 irq:7 ), MAC: 0050.54ff.156e

Use ? for help.

monitor> ip address 192.168.1.100

Invalid or incorrect command. Use 'help' for help.

monitor> interface ethernet1

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

monitor> interface ethernet0

Invalid or incorrect command. Use 'help' for help.

monitor> exit

Invalid or incorrect command. Use 'help' for help.

monitor> address 192.168.1.100

address 192.168.1.100

monitor> server 192.168.1.69

server 192.168.1.69

monitor> file pix804-28.bin

file pix804-28.bin

monitor> ping 192.168.1.69

Sending 5, 100-byte 0x90f8 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rpingis 0 percent (0/5)

Invalid or incorrect command. Use 'help' for help.

monito ping 192.168.1.69

Sending 5, 100-byte 0x90f9 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

ping 192.168.1.69

Sending 5, 100-byte 0x90fa ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

monitor>

Second time around I told it to use ethernet0

PIX BIOS (4.0) #0: Tue May 18 16:29:54 PDT 1999

Platform PIX-515

Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.

Use SPACE to begin flash boot immediately.

Flash boot interrupted.

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 1 could not be initialized.

Use ? for help.

monitor> interface ethernet0

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.156d

monitor> address 192.168.1.100

address 192.168.1.100

monitor> server 192.168.1.69

server 192.168.1.69

monitor> file pix804-28.bin

file pix804-28.bin

monitor> ping 192.168.1.69

Sending 5, 100-byte 0xab8e ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

monitor> ping 192.168.1.69

Sending 5, 100-byte 0xab8f ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

monitor> gateway 192.168.1.69

gateway 192.168.1.69

monitor> ping 192.168.1.69

Sending 5, 100-byte 0xab90 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

monitor> gateway 192.168.1.100

gateway 192.168.1.100

monitor> ping 192.168.1.69

Sending 5, 100-byte 0xab91 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

monitor>

As you can see I tried setting the gateway, just to see if that would help. Also after the first ping failed I swapped to a straight through

Jennifer Halim · ‎06-15-2012

looks like port error base on the error message below from your output:

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

Do you use ethernet 0 or ethernet 1? Can you try the other port?

nateleduc · ‎06-15-2012

Jennifer,
No, for what ever reason I can't get ethernet1 to comply at all. Here is the output for it:

PIX BIOS (4.0) #0: Tue May 18 16:29:54 PDT 1999

Platform PIX-515

Flash=i28F640J5 @ 0x300

Use BREAK or ESC to interrupt flash boot.

Use SPACE to begin flash boot immediately.

Flash boot interrupted.

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 1 could not be initialized.

Use ? for help.

monitor> interface ethernet1

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

interface ethernet1

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

monitor> interface ethernet1

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

monitor> interface 1

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Using 1: i82559 @ PCI(bus:0 dev:14 irq:7 ), MAC: 0050.54ff.156e

monitor> address 192.168.1.100

address 192.168.1.100

monitor> server 192.168.1.69

server 192.168.1.69

monitor> file pix804-28.bin

file pix804-28.bin

monitor> ping 192.168.1.69

Sending 5, 100-byte 0x4fd4 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:

Success rate is 0 percent (0/5)

monitor> interface 0

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

monitor> interface 0

0: i8255X @ PCI(bus:0 dev:13 irq:10)

1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Ethernet auto negotiation timed out.

Ethernet port 0 could not be initialized.

monitor>

I thank you for the quick replies by the way. Also there is a red LED inside light up. Don't know what that means

Jennifer Halim · ‎06-15-2012

Looks like the PIX is faulty, both interfaces can't be initialized.