10-22-2004 02:43 AM - edited 02-20-2020 11:41 PM
Hi dear all,
Actually, I have set "access-list permit icmp any any echo-reply", time-exceeded and unreachable, so now I am able to ping from my PIX console to my ISP GW IP, but I am still not able to access the internet or ping from my inside network PCs to the internet GW.
Please find below the details of my network and config, and suggest what I am missing.
I need your help badly; it is now a question of my output. Please help me ASAP.
I can't remove my border router because it was sold to my customers earlier for my SUN servers.
Please note my Yahoo Messenger ID is barodians_us@yahoo.com. If it does not disturb you, you can come on Yahoo to chat and advise me online.
N/W setup:
#My router inside ip (172.16.29.1/24)--Router outside (10.1.1.1/24)--PIX inside (10.1.1.2/24)--PIX outside (208.144.230.197 255.255.255.224-ISP supplied)
#My ISP Gateway address is 208.144.230.200
#My DNS servers are 208.144.230.1 and 208.144.230.2
#VLAN Config:
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
!
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.29.1 172.16.29.240
ip dhcp excluded-address 172.16.29.250 172.16.29.254
!
ip dhcp pool dhcppool
network 172.16.29.0 255.255.255.0
dns-server 208.144.230.1 208.144.230.2
default-router 172.16.29.1
!
interface FastEthernet0/0
ip address 208.144.230.197 255.255.255.224
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.29.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 7 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 208.144.230.200
!
access-list 7 permit 172.16.29.0 0.0.0.255
!
#PIX 515E config:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname VLANPIX
domain-name VLAN
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol http 80
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
access-list acl_outbound permit icmp any any
access-list acl_outbound permit tcp any any eq pop3
access-list acl_outbound permit tcp any any eq smtp
access-list acl_outbound permit tcp any any eq domain
access-list acl_outbound permit udp any any eq domain
access-list acl_outbound permit tcp any any eq www
access-list acl_outbound permit tcp any any eq telnet
access-list acl_outbound permit tcp any any eq h323
access-list acl_outbound permit tcp any any eq https
access-list acl_outbound permit tcp any any eq 1863
access-list acl_outbound permit tcp any any eq ftp-data
access-list acl_outbound permit tcp any any eq ftp
access-list acl_outbound deny ip any any
access-list acl_inbound permit icmp any any
access-list acl_inbound permit tcp any any eq 1863
access-list acl_inbound permit tcp any any eq ftp
access-list acl_inbound permit tcp any any eq ftp-data
access-list acl_inbound permit tcp any any eq h323
access-list acl_inbound permit tcp any any eq pop3
access-list acl_inbound permit tcp any any eq smtp
access-list acl_inbound permit tcp any any eq www
access-list acl_inbound permit tcp any any eq domain
access-list acl_inbound permit udp any any eq domain
access-list acl_inbound deny ip any any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
ip address outside 208.144.230.197 255.255.255.224
ip address inside 10.1.1.2 255.255.255.0
global (outside) 1
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_inbound in interface outside
access-group acl_outbound in interface inside
route outside 0.0.0.0 0.0.0.0 208.144.230.200 1
floodguard enable
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
Thanks.
Regards,
Hiren Mehta
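The ACLs in this post can be reasoned about with a small stateless, first-match evaluator. The following is an added Python example written for this thread, not Cisco code and not anything from the original post. It assumes PIX 6.3 access-list syntax (subnet masks, not wildcards), first-match semantics with an implicit deny at the end, and, as the first post's own workaround implies for a config with no ICMP fixup enabled, that an ICMP reply is checked against the outside interface's inbound list instead of being matched to the outbound request. The sample lines are a subset copied from the post's acl_outbound, acl_inbound and access-list 100; the host addresses come from the post's topology. The evaluator also lists which acl_inbound entries would admit unsolicited inbound sessions, which is the check a reviewer would want before applying such a list to the outside interface.

```python
"""Stateless first-match evaluator for PIX 6.3-style access-list lines (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed input: a subset of the access-list lines from the post above.
SAMPLE_CONFIG = """\
access-list acl_outbound permit icmp any any
access-list acl_outbound permit tcp any any eq www
access-list acl_outbound permit udp any any eq domain
access-list acl_outbound deny ip any any
access-list acl_inbound permit icmp any any
access-list acl_inbound permit tcp any any eq www
access-list acl_inbound permit udp any any eq domain
access-list acl_inbound deny ip any any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
"""

PORT_NAMES = {"www": 80, "domain": 53, "smtp": 25, "pop3": 110, "ftp": 21,
              "ftp-data": 20, "telnet": 23, "https": 443, "h323": 1720}
ICMP_TYPES = {"echo": 8, "echo-reply": 0, "unreachable": 3, "time-exceeded": 11}


@dataclass
class Ace:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None        # tcp/udp destination port from "eq"
    icmp_type: Optional[int] = None   # None means any ICMP type
    text: str = ""


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    icmp_type: Optional[int] = None


def _parse_addr(tokens, i):
    """Consume one PIX address spec at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # PIX 6.x access-lists take a normal subnet mask, not a wildcard mask
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_config(text):
    """Return {acl_name: [Ace, ...]} in line order, since the first match wins."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        name, action, proto = t[1], t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        ace = Ace(action, proto, src, dst, text=line.strip())
        if i < len(t):
            if t[i] == "eq":
                ace.port = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
            elif proto == "icmp":
                ace.icmp_type = ICMP_TYPES[t[i]]
        acls.setdefault(name, []).append(ace)
    return acls


def evaluate(acl, pkt):
    """First-match evaluation with the implicit deny PIX applies when nothing matches."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.port is not None and ace.port != pkt.dport:
            continue
        if ace.icmp_type is not None and ace.icmp_type != pkt.icmp_type:
            continue
        return ace.action, ace.text
    return "deny", "(implicit deny)"


def ping_verdicts(acls, inside="10.1.1.2", outside="208.144.230.197", gw="208.144.230.200"):
    """Stateless view of a ping: the request is checked on the inside list, the reply
    (addressed to the PIX's mapped outside address) on the outside list."""
    request_out = Packet("icmp", inside, gw, icmp_type=8)
    reply_in = Packet("icmp", gw, outside, icmp_type=0)
    unsolicited_in = Packet("icmp", gw, outside, icmp_type=8)  # echo-request from outside
    return {
        "request_out": evaluate(acls["acl_outbound"], request_out)[0],
        "reply_in_acl_inbound": evaluate(acls["acl_inbound"], reply_in)[0],
        "reply_in_acl_100": evaluate(acls["100"], reply_in)[0],
        "unsolicited_in_acl_inbound": evaluate(acls["acl_inbound"], unsolicited_in)[0],
        "unsolicited_in_acl_100": evaluate(acls["100"], unsolicited_in)[0],
    }


def unsolicited_inbound_permits(acls, name="acl_inbound"):
    """Entries on the outside-facing list that admit new TCP/UDP sessions to any address."""
    return [a.text for a in acls[name]
            if a.action == "permit" and a.proto in ("tcp", "udp", "ip") and a.dst.prefixlen == 0]


if __name__ == "__main__":
    parsed = parse_config(SAMPLE_CONFIG)
    for k, v in ping_verdicts(parsed).items():
        print(f"{k}: {v}")
    for line in unsolicited_inbound_permits(parsed):
        print("inbound exposure:", line)
```

The interesting comparison is the two outside-facing lists: the post's acl_inbound permits the echo-reply but also permits an unsolicited echo-request and any TCP/80 or UDP/53 session from the internet, while the narrower access-list 100 (defined in the post but not bound to an interface with access-group) permits only the reply types a ping needs and drops the rest.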
11-02-2004 08:18 AM
Sorry for the late response, but I have been out of the office. Looks like you got the problem solved, congratulations. As for the capture command, I used it like a packet sniffer. For example:
I create an access-list
"access-list capticmp permit icmp any any"
then I would start a capture
"capture in access-list capticmp interface inside"
and/or
"capture out access-list capticmp interface outside"
Then look at my ping in the capture to see what is going on with it.