05-06-2012 04:39 PM - edited 03-11-2019 04:02 PM
I just got my PIX515e configured and thought I had it working correctly, but on my 3745 router, the line protocol is down, I've looked through the configs for bot the PIX and the 3745 and can't seem to figure out why I don't have access. Would anyone be able to please help resolve the issue for me?
Pix515E config:
pixfirewall# show run
: Saved
:
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name home.jkkcc.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.20.1 255.255.255.248
!
interface Ethernet2
nameif DMZ
security-level 50
ip address 10.0.30.1 255.255.255.248
!
ftp mode passive
dns server-group DefaultDNS
domain-name home.jkkcc.com
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0
!
router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.0.0 255.255.255.0
network 192.168.2.0 255.255.255.0
network 192.168.4.0 255.255.255.0
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:c7359e3905dd13a5aa1a1c0e85a91f52
: end
3745 Config:
3745-Internet#show run
Building configuration...
Current configuration : 2248 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3745-Internet
!
boot-start-marker
boot system flash:
boot-end-marker
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
memory-size iomem 25
no network-clock-participate slot 2
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.150
!
ip dhcp pool HOME-Network
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.127 192.168.1.128
!
ip dhcp pool home-network
!
!
ip domain name www.jkkcc.com
ip name-server 192.168.2.127
!
multilink bundle-name authenticated
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
!
!
!
!
!
!
!
username woodjl1650 privilege 15 password 0 henry999
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 10.0.20.2 255.255.255.248
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Serial0/0
description $FW_INSIDE$
ip address 10.0.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/1
description $FW_INSIDE$
ip address 10.0.10.2 255.255.255.248
ip nat inside
ip virtual-reassembly
!
router eigrp 1
network 10.0.0.0
network 192.168.0.0
network 192.168.2.0
network 192.168.4.0
auto-summary
!
!
!
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 15 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.21 80 interface FastEthernet0/0 80
ip nat inside source list 104 interface FastEthernet0/0 overload
!
access-list 15 permit 10.0.8.0 0.0.7.255
access-list 15 permit 192.168.4.0 0.0.0.255
access-list 104 permit ip any any
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet
!
!
webvpn cef
!
end