11-26-2012 06:48 PM - edited 03-11-2019 05:28 PM
I am trying to set the PIX firewall to transparent mode.
After I set it to transparent firewall, I allowed all ICMP, TCP, and UDP traffic.
Currently, any device in the inside network can get an IP address automatically from the DHCP server in the outside network
but cannot ping any servers in the outside network or access the internet.
Do I need additional configuration on the firewall?
Here's the configuration:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
nameif inside
security-level 100
!
interface Ethernet1
nameif outside
security-level 0
!
interface Ethernet2
shutdown
no nameif
no security-level
!
enable password encrypted
passwd .encrypted
hostname pixfirewall
ftp mode passive
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any any
access-list outside_in extended permit udp any any
access-list inside_out extended permit icmp any any
access-list inside_out extended permit tcp any any
access-list inside_out extended permit udp any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.123.229 255.255.255.255
monitor-interface inside
monitor-interface outside
no asdm history enable
arp timeout 14400
access-group inside_out in interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.123.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:
: end
pixfirewall#
pixfirewall#
pixfirewall# ping 192.168.123.254
Sending 5, 100-byte ICMP Echos to 192.168.123.254, timeout is 2 seconds:
No route to host 192.168.123.254
Success rate is 0 percent (0/1)
pixfirewall#
Would appreciate any suggestions,
Cory
11-27-2012 12:41 AM
Hi,
ip address 192.168.123.229 255.255.255.255, you should have the same mask as the connected subnet.
And by the way the route command is not needed anymore as you are now switching traffic and not routing.
Regards.
Alain
Don't forget to rate helpful posts.
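An added example (not part of the replies above and not Cisco tooling): a small Python check that reads a transparent-mode configuration and reports a management `ip address` with a host mask, the condition Alain points out and one consistent with the "No route to host" ping output. The function name and the 255.255.255.0 trial mask are assumptions; the thread does not state the subnet's actual mask.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the configuration posted above.
SAMPLE_CONFIG = """\
firewall transparent
ip address 192.168.123.229 255.255.255.255
route outside 0.0.0.0 0.0.0.0 192.168.123.254 1
"""

IP_RE = re.compile(r"^ip address (\S+) (\S+)\s*$", re.M)
ROUTE_RE = re.compile(r"^route \S+ \S+ \S+ (\S+)", re.M)


def check_management_ip(config, assumed_mask=None):
    """Return findings about the transparent-mode management IP.

    assumed_mask is a hypothetical replacement mask to evaluate; the real
    value must be whatever mask the connected subnet uses.
    """
    findings = []
    if not re.search(r"^firewall transparent\s*$", config, re.M):
        return findings  # routed mode: addresses are set per interface
    match = IP_RE.search(config)
    if match is None:
        return ["transparent mode but no management ip address configured"]
    addr, mask = match.group(1), assumed_mask or match.group(2)
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    if net.prefixlen == 32:
        findings.append(f"management IP {addr} uses a host mask ({mask}); "
                        "no other host is on-link")
    # Any configured next hop must sit inside the connected network.
    for hop in ROUTE_RE.findall(config):
        if ipaddress.ip_address(hop) not in net:
            findings.append(f"next hop {hop} is outside connected network {net}")
    return findings


if __name__ == "__main__":
    for line in check_management_ip(SAMPLE_CONFIG):
        print("FINDING:", line)
    # 255.255.255.0 is an assumption for illustration, not stated in the thread.
    print("with /24:", check_management_ip(SAMPLE_CONFIG, "255.255.255.0"))
```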