Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
974
Views
10
Helpful
7
Replies

pix issue - how to

mor_feusz
Level 1
Level 1

‎08-04-2005 10:14 AM - edited ‎02-21-2020 12:18 AM

Hello

I am trying to configure PIX 1st time in my life. My company (bought a

cabinet in datacentre). We hawe to set up connection

Datacenter send to us

set WAN port on Your PIX firewall

90.90.66.239 - 255.255.255.4

dafault gateway 90.90.66.1

set lan port on your firewall

90.90.67.112 255.255.255.248

Your default gateway (lan) will be 90.90.67.112

i tried to use wizard

and from interface outside i can ping world - from inside - no - i have a

laptop (configuration: 90.90.67.114, 255.255.255.48, default gateway

90.90.67.112)

In my opinion there is something wrong (90.90.67.112 is the network adress

we have arange of IP's 112 to 119 - 119 is broadcast address)

i set up

ip address outside 90.x.x.x 255.255.255.4

ip address inside 90.x.x.x.255.255.248

i doesnt work - i do not have internet connection

people have to ping me and i will have to ping them

mu configuration

______________

show run

: Saved

:

PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxxxxxxxxxxxxxxxxxxx encrypted

passwd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx encrypted

hostname companyfirewall

domain-name myconpany.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

<--- More --->

names

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 90.x.x.x.255.254.0

ip address inside 90.x.x.x.255.255.248

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.x x.x.x.x.90.66.1 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225

1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

<--- More --->

aaa-server LOCAL protocol local

http server enable

http 90.90.x.x.x.255.248 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxxxxxxxxxxxxxxx

: end

what is wrong

Please Help me

0 Helpful
7 Replies 7

techmichelle
Level 1
Level 1

‎08-04-2005 05:09 PM

Hi

type show route

check that your outside route shows 90.90.66.1 as the gateway.

Michelle

mor_feusz
Level 1
Level 1
In response to techmichelle

‎08-05-2005 12:42 AM

I will try to do that

Thanks

If any case - i will post what i have and what doesn't work

0 Helpful

shijasm
Level 1
Level 1

‎08-04-2005 09:46 PM

by Default Ping is desabled on outside interface and pass through, create an access-list to passthrough ICMP.

mor_feusz
Level 1
Level 1
In response to shijasm

‎08-05-2005 02:59 PM

show route

outside 0.0.0.0 0.0.0.0 90.90.66.1 1 OTHER static

outside 90.90.66.0 255.255.254.0 90.90.66.239 1 CONNECT

static inside 90.90.67.112 255.255.255.248 90.90.67.113 1 CONNECT static

does not work

i will kill myself

what i have to do to have internet

Please

0 Helpful

charles_barnett
Level 1
Level 1
In response to mor_feusz

‎08-07-2005 11:25 AM

Mor_Feusz,

Send me an e-mail at 612class@blackngold.net.

0 Helpful

d_harris101
Level 1
Level 1

‎08-07-2005 10:34 PM

set WAN port on Your PIX firewall

90.90.66.239 - 255.255.255.4

default gateway 90.90.66.1

i note you have corrected this netmask on the outside interface to 255.255.254.0

set lan port on your firewall

90.90.67.112 255.255.255.248

Your default gateway (lan) will be 90.90.67.112

your interface on the LAN side is also part of the subnet on the outside interface??

(90.90.66.0:255.255.254.0 = 90.90.66.0 - 90.90.67.254)

Strange config. Is that all the networks you have on the LAN side? I guess it would work but it's very confusing. You can't have a 'default' route on the both sides

0 Helpful

mor_feusz
Level 1
Level 1
In response to d_harris101

‎08-08-2005 03:55 AM

It is strange for me as well - 112 is a network address

Byt i gaved up - i asked people from datacentre - they will charge and set up

I have no ideas how to do this :(

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card