05-07-2011 01:20 PM - edited 03-11-2019 01:30 PM
I have a PIX 515E that I want to use to as a border between my internet connection and my Cisco AIR1131AG. I have configured the PIX to have the outside interface as a dhcp client which gets its dynamic IP address from the cable modem. the AP is connected to the E1 inside interface. Now I could see the E1 interface from the arp table from the AP but I cannot ping it. From the firewall I don't see the ARP table from the firewall. and i cannot ping the AP. what is wrong with the configuration? side note, i am able to connect to the AIR1131AG from my laptop I was not able to retrieve an IP address.
FW1 - CONFIGURATION
interface Ethernet0
description uplink towards the techsavvy modem
speed 100
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
description >>> WIFI LAN ACCESS <<<
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
dhcpd address 10.0.0.10-10.0.0.254 inside
dhcpd dns 8.4.4.4 8.8.8.8
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config inside
dhcpd enable inside
TestFirewall# ping 10.0.0.1
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
TestFirewall# ping 10.0.0.2
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
TestFirewall#
TestFirewall# sho arp
TestFirewall#
TestFirewall# show arp stati
TestFirewall# show arp statistics
Number of ARP entries in PIX: 0
Dropped blocks in ARP: 34
Maximum Queued blocks: 2
Queued blocks: 1
Interface collision ARPs Received: 0
ARP-defense Gratuitous ARPS sent: 0
Total ARP retries: 92
Unresolved hosts: 1
Maximum Unresolved hosts: 1
TestFirewall#
------------ AIR1131AG CONFIGURATION -------------------------------
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.0.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.0.1
TestBedAP#
TestBedAP#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.0.2 - 0023.0425.46aa ARPA BVI1
Internet 10.0.0.1 1 001b.54ae.f5f9 ARPA BVI1
TestBedAP#
TestBedAP#
TestBedAP#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TestBedAP#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
TestBedAP#
Solved! Go to Solution.
05-07-2011 01:35 PM
i believe you will need a crossover cable to connect AP and PIX
05-07-2011 01:35 PM
i believe you will need a crossover cable to connect AP and PIX
05-07-2011 02:36 PM
okay then since my cable modem service is not connected yet, am I to assume that the E0 outside interface to the cable modem is also a straight or cross?
05-07-2011 03:27 PM
your cable modem is probably auto-mdix, so it won't matter if you use straight through or cross over cable.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide