minimum PIX config

marcreiter · ‎06-08-2004

Sorry for the simple question but I am a simple person.

What is the minimum config for a pix

I have an access-l outbound permit ip any any - on the inside interface

and access-l inbound permit tcp any any eq 80 - for the outside

nat 1 0 0

global (outside) 1 interface

All I want available is the internet but I am getting a 300500 error "No translation group found "

Thanks for any help.

pcomeaux · ‎06-08-2004

Maybe your NAT statement should read "nat (inside) 1 0 0" to specify the inside interface.

By default, you do not need any ACLs for traffic to flow from the inside to the outside.

You need a few things:

1) enable the interfaces

2) configure IP addresses on the interfaces

3) setup a default route

4) setup translation

You can always run "setup" while connected to the Pix's console port. After setting it up, you can then web into the Pix to finish the configuration.

Here's a link to the Establishing Connectivity Chapter of the Pix Documentation:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm

peter

marcreiter · ‎06-08-2004

OOOPS yea that is what it says. Nat (inside) 1 0 0

sorry for the typo.

pcomeaux · ‎06-08-2004

Ok. Can you please post the results of the following commands so we can help you further:

1 - show ip

2 - show int or show interface (whichever works)

3 - show global

4 - show nat

5 - show route

6 - show access-group

7 - show access-list

My gut feeling is that the outside interface is still shutdown.

thanks

peter

marcreiter · ‎06-08-2004

Your guts are a great tool.

interface ethernet0 "outside" is administratively down, line protocol is up

how do you administrativly start the interface?

pcomeaux · ‎06-08-2004

Look for the line in the config that has "nameif interface 0 (or 1) auto shutdown" or something similar. Repeat the same command but without the "shutdown" keyword at the end and the interface should become active.

peter