Solved: pix 515E cannot ping or assign DHCP addresses to the inside clients

dbakopanos · ‎05-07-2011

I have a PIX 515E that I want to use to as a border between my internet connection and my Cisco AIR1131AG. I have configured the PIX to have the outside interface as a dhcp client which gets its dynamic IP address from the cable modem. the AP is connected to the E1 inside interface. Now I could see the E1 interface from the arp table from the AP but I cannot ping it. From the firewall I don't see the ARP table from the firewall. and i cannot ping the AP. what is wrong with the configuration? side note, i am able to connect to the AIR1131AG from my laptop I was not able to retrieve an IP address.

FW1 - CONFIGURATION

interface Ethernet0
description uplink towards the techsavvy modem
speed 100
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
description >>> WIFI LAN ACCESS <<<
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0

nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

dhcpd address 10.0.0.10-10.0.0.254 inside
dhcpd dns 8.4.4.4 8.8.8.8
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config inside
dhcpd enable inside

TestFirewall# ping 10.0.0.1
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
TestFirewall# ping 10.0.0.2
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
TestFirewall#

TestFirewall# sho arp
TestFirewall#
TestFirewall# show arp stati
TestFirewall# show arp statistics
Number of ARP entries in PIX: 0

        Dropped blocks in ARP: 34
        Maximum Queued blocks: 2
        Queued blocks: 1
        Interface collision ARPs Received: 0
        ARP-defense Gratuitous ARPS sent: 0
        Total ARP retries: 92
        Unresolved hosts: 1
        Maximum Unresolved hosts: 1
TestFirewall#

------------ AIR1131AG CONFIGURATION -------------------------------

interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.0.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.0.1

TestBedAP#
TestBedAP#sh arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 10.0.0.2                -   0023.0425.46aa ARPA   BVI1
Internet 10.0.0.1                1   001b.54ae.f5f9 ARPA   BVI1
TestBedAP#
TestBedAP#
TestBedAP#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
TestBedAP#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
TestBedAP#

Roman Rodichev · ‎05-07-2011

i believe you will need a crossover cable to connect AP and PIX

View solution in original post

Roman Rodichev · ‎05-07-2011

i believe you will need a crossover cable to connect AP and PIX

dbakopanos · ‎05-07-2011

okay then since my cable modem service is not connected yet, am I to assume that the E0 outside interface to the cable modem is also a straight or cross?

Roman Rodichev · ‎05-07-2011

your cable modem is probably auto-mdix, so it won't matter if you use straight through or cross over cable.