Solved: PIX 515 Help - Page 3

harrisgirls · ‎03-16-2011

Hello,

I've just got my hands on a Cisco PIX 515.

I mainly brought it too learn and play with, i done some cisco stuff in the past but not much.

I just need too get this up and running with a IP Address on ethernet1 (192.168.1.254) but when I run the command "nameif ethernet1 inside security100" in enable mode all I keep getting is ERROR % Invaild input detected at '' maker.

Any help would be great!

PAUL GILBERT ARIAS · ‎03-16-2011

ok if you have an static IP make sure you have it configured, check using the command "show ip" and to check the default gateway use the command show route.

harrisgirls · ‎03-16-2011

Show IP command:

Interface                Name                   IP address      Subnet mask
Method
Ethernet0                outside                78.XX.XXX.142   255.255.240.0
CONFIG
Ethernet1                inside                 192.168.1.250   255.255.255.0
CONFIG
Current IP Addresses:
Interface                Name                   IP address      Subnet mask
Method
Ethernet0                outside                78.XX.XX.142   255.255.240.0
CONFIG
Ethernet1                inside                 192.168.1.250   255.255.255.0
CONFIG
wwn-fw-01#

Show route:

wn-fw-01# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
        * - candidate default, U - per-user static route, o - ODR
        P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0 255.255.255.0 is directly connected, inside
wwn-fw-01#

harrisgirls · ‎03-16-2011

Gateway of last resort is not set <<<<<<<<<<<<<<<<<<<< is this something I am missing?!?!

PAUL GILBERT ARIAS · ‎03-16-2011

yes you need the gateway. the command is " route outside 0 0

harrisgirls · ‎03-16-2011

I've just done the following command for the default gateway:

wwn-fw-01#
wwn-fw-01# conf t
wwn-fw-01(config)# route outside 0 0 78.XX.XXX.1
wwn-fw-01(config)# wr mem
Building configuration...
Cryptochecksum: 58e31a93 6599023a 46d0ade0 35c83ef3

2304 bytes copied in 0.910 secs
[OK]
wwn-fw-01(config)#

When I do a show route I get:

Gateway of last resort is not set

C 192.168.1.0 255.255.255.0 is directly connected, inside
wwn-fw-01#

still?!

PAUL GILBERT ARIAS · ‎03-16-2011

can you do a show interface again just to make sure the outside interface is up?

harrisgirls · ‎03-16-2011

sure 1 sec

harrisgirls · ‎03-16-2011

Config is below

wwn-fw-01(config)# show int
Interface Ethernet0 "outside", is up, line protocol is up
   Hardware is i82559, BW 100 Mbps, DLY 100 usec
         Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
         MAC address 0003.6bf6.ffaa, MTU 1500
         IP address 78.86.187.142, subnet mask 255.255.240.0
         691 packets input, 222594 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 L2 decode drops
         835 packets output, 134379 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 babbles, 0 late collisions, 0 deferred
         0 lost carrier, 0 no carrier
         input queue (curr/max packets): hardware (0/1) software (0/3)
         output queue (curr/max packets): hardware (0/2) software (0/1)
   Traffic Statistics for "outside":
         691 packets input, 211287 bytes
         835 packets output, 120599 bytes
         47 packets dropped
       1 minute input rate 0 pkts/sec, 0 bytes/sec
       1 minute output rate 0 pkts/sec, 0 bytes/sec
       1 minute drop rate, 0 pkts/sec
       5 minute input rate 0 pkts/sec, 0 bytes/sec
       5 minute output rate 0 pkts/sec, 0 bytes/sec
       5 minute drop rate, 0 pkts/sec
Interface Ethernet1 "inside", is up, line protocol is up
   Hardware is i82559, BW 100 Mbps, DLY 100 usec
         Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
         MAC address 0003.6bf6.ffab, MTU 1500
         IP address 192.168.1.250, subnet mask 255.255.255.0
         5567 packets input, 511443 bytes, 0 no buffer
         Received 1420 broadcasts, 0 runts, 0 giants
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 L2 decode drops
         4776 packets output, 1238155 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 babbles, 0 late collisions, 0 deferred
         0 lost carrier, 0 no carrier
         input queue (curr/max packets): hardware (0/1) software (0/107)
         output queue (curr/max packets): hardware (0/16) software (0/1)
   Traffic Statistics for "inside":
         5569 packets input, 422053 bytes
         4776 packets output, 1158172 bytes
         803 packets dropped
       1 minute input rate 0 pkts/sec, 28 bytes/sec
       1 minute output rate 0 pkts/sec, 0 bytes/sec
       1 minute drop rate, 0 pkts/sec
       5 minute input rate 0 pkts/sec, 20 bytes/sec
       5 minute output rate 0 pkts/sec, 0 bytes/sec
       5 minute drop rate, 0 pkts/sec
Interface Virtual254 "", is up, line protocol is up
   Hardware is Virtual   Available but not configured via nameif
         MAC address 0000.0000.0000, MTU not set
         IP address unassigned
wwn-fw-01(config)# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
        * - candidate default, U - per-user static route, o - ODR
        P - periodic downloaded static route

Gateway of last resort is 78.86.176.1 to network 0.0.0.0

C    78.86.176.0 255.255.240.0 is directly connected, outside
C    192.168.1.0 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 78.86.176.1, outside
wwn-fw-01(config)#

I cant ping any thing outside i.e. DNS

PAUL GILBERT ARIAS · ‎03-16-2011

From the PIX you should be able to ping 78.86.176.1

and if you added the NAT and GLOBAL I sent you then you should be able to browse the internet. If you want to ping from hosts on the inside to the internet you need the command "fixup protocol icmp"

I was able to ping your outside IP from my computer.

PAUL GILBERT ARIAS · ‎03-16-2011

also make sure your inside hosts have an IP from the inside network and that the default gateway of those hosts is the PIX inside interface. Also make sure they have a valid DNS server.

harrisgirls · ‎03-16-2011

Thanks -

From the PIX you should be able to ping 78.86.176.1

and if you added the NAT and GLOBAL I sent you then you should be able to browse the internet. If you want to ping from hosts on the inside to the internet you need the command "fixup protocol icmp"

I was able to ping your outside IP from my computer.

What commands are they for adding NAT and GLOBAL?

harrisgirls · ‎03-16-2011

I can confirm I can PING the IP ISP Gateway, nothing else

I am in the same subnet\ip range of the pix inside, i can ping the pix internally.

PAUL GILBERT ARIAS · ‎03-16-2011

add the following:

nat (inside) 1 0 0

global (outside) 1 interface

from the ASA try to ping 4.2.2.2

harrisgirls · ‎03-16-2011

I just entered these commands you gave me:

nat (inside) 1 0 0

global (outside) 1 interface

and came back as:

nat (inside) 1 0 0

dupilcate NAT Entry

global (outside) 1 interface

global for this range already exsits

harrisgirls · ‎03-16-2011

I can ping 4.2.2.2