Help with config - can not access internet - Page 2

flopez · ‎03-20-2007

I can ping from Machine 192.168.40.8 to PIX and vice versa. I can not ping from either Machine or PIX to the outside Internet.

Can someone look at my config and see what I am missing. Also I am prohibiting machine 192.168.40.10 to browse internet.

PIX Version 6.3(1)

interface ethernet0 100full

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname lab

domain-name LAB

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list outthere permit icmp any any echo-reply

access-list outthere permit icmp any any unreachable

access-list outthere permit icmp any any time-exceeded

access-list inthere permit icmp any any

access-list inthere deny tcp host 192.168.40.10 any eq www

access-list inthere permit tcp any any eq www

access-list inthere permit tcp any any eq https

access-list inthere permit ip any any

access-list inthere permit tcp any any eq domain

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 37.x.x.10 255.255.255.248

ip address inside 192.168.40.1 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 37.139.239.10 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

management-access inside

console timeout 0

terminal width 80

Thanks in advance.

JT

acomiskey · ‎03-21-2007

What I said was you will not be able to ping the outside interface of the pix. (37.139.239.10). I did not mean you won't be able to ping out from the pix, sorry you misunderstood.

The logical test would be to ping your isp gateway from the pix, this would prove your internet connection was there and the problem is something on your inside clients or the pix, not your connection.

chrismisztur · ‎03-21-2007

I think where the PIX boots from depends on your config register setting.

chrismisztur · ‎03-21-2007

So is this a DSL modem with the .6 IP? What is the device before the PIX? router? dsl modem?

If so, then change the PIX outside ip to .6 (same as the DSL modem) and then the route outside on the PIX will have to be an IP address that you can get from your ISP.

acomiskey · ‎03-21-2007

dsl modems don't typically have ip addresses. dsl routers do.

flopez · ‎03-21-2007

I ended up doing a write erase and started from scratch. I redid the config, and now it works. I checked the config and it looks the same to me as it did before... oh well, it works, that is all that matters.

thanks for your help.

chrismisztur · ‎03-22-2007

weird!

ashleyw · ‎03-21-2007

Set to 10Mb auto.