06-15-2012 12:11 AM - edited 03-11-2019 04:19 PM
I am unable to ping my computer (attached via crossover). I can ping from the PC, but not from the PIX515. I'm using ethernet 1, and I have its IP set at 192.168.1.2/24, but for what ever reason I am unable to contact the computer. I tried messing with the access list a little bit but nothing so far.
PIX515(config)# show run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto shutdown
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX515
domain-name MAIN
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 120 permit ip any any
access-list 120 permit icmp any any echo
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
pager lines 24
icmp permit any echo-reply inside
mtu outside 1500
mtu inside 1500
no ip address outside
ip address inside 192.168.1.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.69 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:648285e620f020193b6f804e00e01864
: end
PIX515(config)#
06-15-2012 02:06 AM
Pls kindly add the following:
icmp permit any inside
Also, does your PC have any firewall that might be blocking ping?
What is your PC ip address and subnet mask?
06-15-2012 08:38 AM
Thanks for the response.
That did not work either. One weird thing is that even in monitor mode I can't ping, but I can be pinged.
PIX:192.168.1.2/24
PC:192.168.1.69/24
Also my firewall is turned off currently
~Nathan
06-15-2012 11:09 AM
Indeed weird. If you try to change its ip address to something else, 192.168.1.100/24, does it work? I assume that it only has 1 NIC?
06-15-2012 06:15 PM
Change what, the computer or the PIX?
Here is my exact output for monitor mode. Computer has a static IP, also its direct connection, no switch in between.
I think my PIX might be defective.
PIX BIOS (4.0) #0: Tue May 18 16:29:54 PDT 1999
Platform PIX-515
Flash=i28F640J5 @ 0x300
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 1: i82559 @ PCI(bus:0 dev:14 irq:7 ), MAC: 0050.54ff.156e
Use ? for help.
monitor> ip address 192.168.1.100
Invalid or incorrect command. Use 'help' for help.
monitor> interface ethernet1
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
monitor> interface ethernet0
Invalid or incorrect command. Use 'help' for help.
monitor> exit
Invalid or incorrect command. Use 'help' for help.
monitor> address 192.168.1.100
address 192.168.1.100
monitor> server 192.168.1.69
server 192.168.1.69
monitor> file pix804-28.bin
file pix804-28.bin
monitor> ping 192.168.1.69
Sending 5, 100-byte 0x90f8 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rpingis 0 percent (0/5)
Invalid or incorrect command. Use 'help' for help.
monito ping 192.168.1.69
Sending 5, 100-byte 0x90f9 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
ping 192.168.1.69
Sending 5, 100-byte 0x90fa ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
monitor>
Second time around I told it to use ethernet0
PIX BIOS (4.0) #0: Tue May 18 16:29:54 PDT 1999
Platform PIX-515
Flash=i28F640J5 @ 0x300
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 1 could not be initialized.
Use ? for help.
monitor> interface ethernet0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.156d
monitor> address 192.168.1.100
address 192.168.1.100
monitor> server 192.168.1.69
server 192.168.1.69
monitor> file pix804-28.bin
file pix804-28.bin
monitor> ping 192.168.1.69
Sending 5, 100-byte 0xab8e ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
monitor> ping 192.168.1.69
Sending 5, 100-byte 0xab8f ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
monitor> gateway 192.168.1.69
gateway 192.168.1.69
monitor> ping 192.168.1.69
Sending 5, 100-byte 0xab90 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
monitor> gateway 192.168.1.100
gateway 192.168.1.100
monitor> ping 192.168.1.69
Sending 5, 100-byte 0xab91 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
monitor>
As you can see I tried setting the gateway, just to see if that would help. Also after the first ping failed I swapped to a straight through
06-15-2012 06:23 PM
looks like port error base on the error message below from your output:
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
Do you use ethernet 0 or ethernet 1? Can you try the other port?
06-15-2012 06:36 PM
Jennifer,
No, for what ever reason I can't get ethernet1 to comply at all. Here is the output for it:
PIX BIOS (4.0) #0: Tue May 18 16:29:54 PDT 1999
Platform PIX-515
Flash=i28F640J5 @ 0x300
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Flash boot interrupted.
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 1 could not be initialized.
Use ? for help.
monitor> interface ethernet1
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
interface ethernet1
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
monitor> interface ethernet1
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
monitor> interface 1
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Using 1: i82559 @ PCI(bus:0 dev:14 irq:7 ), MAC: 0050.54ff.156e
monitor> address 192.168.1.100
address 192.168.1.100
monitor> server 192.168.1.69
server 192.168.1.69
monitor> file pix804-28.bin
file pix804-28.bin
monitor> ping 192.168.1.69
Sending 5, 100-byte 0x4fd4 ICMP Echoes to 192.168.1.69, timeout is 4 seconds:
Success rate is 0 percent (0/5)
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
monitor> interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )
Ethernet auto negotiation timed out.
Ethernet port 0 could not be initialized.
monitor>
I thank you for the quick replies by the way. Also there is a red LED inside light up. Don't know what that means
06-15-2012 07:30 PM
Looks like the PIX is faulty, both interfaces can't be initialized.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide