
PIX 515E Config Help!!!

jwood1650
Beginner

I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router the line protocol is down. I've looked through the configs for both the PIX and the 3745 and can't seem to figure out why I don't have access. Would anyone be able to please help resolve the issue for me?

Pix515E config:

pixfirewall# show run
: Saved
:
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.20.1 255.255.255.248
!
interface Ethernet2
 nameif DMZ
 security-level 50
 ip address 10.0.30.1 255.255.255.248
!
ftp mode passive
dns server-group DefaultDNS
 domain-name home.jkkcc.com
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
!
router eigrp 1
 network 10.0.0.0 255.0.0.0
 network 192.168.0.0 255.255.255.0
 network 192.168.2.0 255.255.255.0
 network 192.168.4.0 255.255.255.0
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect http
  inspect ils
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:c7359e3905dd13a5aa1a1c0e85a91f52
: end

3745 Config:

3745-Internet#show run
Building configuration...

Current configuration : 2248 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3745-Internet
!
boot-start-marker
boot system flash:
boot-end-marker
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
memory-size iomem 25
no network-clock-participate slot 2
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.150
!
ip dhcp pool HOME-Network
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 192.168.2.127 192.168.1.128
!
ip dhcp pool home-network
!
!
ip domain name www.jkkcc.com
ip name-server 192.168.2.127
!
multilink bundle-name authenticated
parameter-map type regex sdm-regex-nonascii
 pattern [^\x00-\x80]
!
!
!
!
!
!
!
username woodjl1650 privilege 15 password 0 henry999
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address 10.0.20.2 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface Serial0/0
 description $FW_INSIDE$
 ip address 10.0.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Serial0/1
 description $FW_INSIDE$
 ip address 10.0.10.2 255.255.255.248
 ip nat inside
 ip virtual-reassembly
!
router eigrp 1
 network 10.0.0.0
 network 192.168.0.0
 network 192.168.2.0
 network 192.168.4.0
 auto-summary
!
!
!
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 15 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.21 80 interface FastEthernet0/0 80
ip nat inside source list 104 interface FastEthernet0/0 overload
!
access-list 15 permit 10.0.8.0 0.0.7.255
access-list 15 permit 192.168.4.0 0.0.0.255
access-list 104 permit ip any any
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet
!
!
webvpn cef
!
end

10 Replies

Maykol Rojas
Cisco Employee