08-27-2011 08:48 AM - edited 03-11-2019 02:17 PM
I have the config below. I can ping the next hop router (a Hatteras Networks HN508-D) but nothing beyond that. When I replace the PIX with another device, I can access the Internet with no issues.
Thanks,
James
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password WdJQMntV/mB02tJF encrypted
passwd seG4WaIjWTMmZB0q encrypted
hostname mzero
domain-name mzero.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 75.91.187.10 255.255.255.252
ip address inside 10.0.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.0.1.2-10.0.1.100
nat (inside) 1 10.0.1.0 255.255.255.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 75.91.187.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-group 100 in interface outside
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community mzero
snmp-server enable traps
floodguard enable
telnet 10.0.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
terminal width 80
08-27-2011 09:05 AM
Hi James,
Can you just reload the router and the PIX device once? Was this working fine earlier?
Thanks,
Varun
08-27-2011 09:08 AM
I don't think your NAT statement is good either; it should be:
global (outside) 1 interface
nat (inside) 1 10.0.1.0 255.255.255.0 0 0
Please change it, and I think it should work after that.
Hope this helps,
Thanks,
Varun
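The global/nat mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from Cisco: a small Python check that reads PIX 6.x style `ip address` and `global` lines and flags a global pool that uses private addresses, lies outside the egress interface's subnet, or overlaps another interface's subnet. The function names are hypothetical, and the sample is constructed from the relevant lines of the configuration posted above.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration posted in the thread.
SAMPLE_CONFIG = """\
ip address outside 75.91.187.10 255.255.255.252
ip address inside 10.0.1.1 255.255.255.0
global (outside) 1 10.0.1.2-10.0.1.100
nat (inside) 1 10.0.1.0 255.255.255.0 0 0
"""

def interface_networks(config):
    """Map interface name -> network, from 'ip address <if> <ip> <mask>' lines."""
    pat = r"^ip address (\S+) (\S+) (\S+)[ \t]*$"
    return {name: ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            for name, ip, mask in re.findall(pat, config, re.M)}

def check_globals(config):
    """Return [(config line, [problems])] for global pools that look unusable."""
    nets = interface_networks(config)
    findings = []
    pat = r"^global \((\S+)\) (\d+) (\S+)(?: netmask \S+)?[ \t]*$"
    for m in re.finditer(pat, config, re.M):
        ifname, _nat_id, pool = m.groups()
        if pool == "interface":
            continue  # PAT to the interface's own address, nothing to check
        first, _, last = pool.partition("-")
        addrs = [ipaddress.ip_address(a) for a in (first, last or first)]
        problems = []
        if any(a.is_private for a in addrs):
            problems.append("pool uses private (RFC 1918) addresses")
        net = nets.get(ifname)
        if net is not None and any(a not in net for a in addrs):
            # Only workable if the upstream router routes the pool to the PIX.
            problems.append(f"pool is not in the {ifname} interface subnet {net}")
        for other, onet in nets.items():
            if other != ifname and any(a in onet for a in addrs):
                problems.append(f"pool overlaps the {other} interface subnet {onet}")
        if problems:
            findings.append((m.group(0).strip(), problems))
    return findings

if __name__ == "__main__":
    for line, problems in check_globals(SAMPLE_CONFIG):
        print(line, "->", "; ".join(problems))
```
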