Problem on Transparent Firewall Configuration in PIX 515E

coryjin27
Beginner

I am trying to set the PIX firewall to transparent mode.

After I set it to transparent firewall, I allowed all icmp, tcp, udp traffic.

Currently, any device in the inside network can get an IP automatically from the DHCP server in the outside network, but cannot ping any servers in the outside network or access the internet.

Do I need additional configuration on the firewall?

Here's the configuration:

PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
 nameif inside
 security-level 100
!
interface Ethernet1
 nameif outside
 security-level 0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
!
enable password encrypted
passwd .encrypted
hostname pixfirewall
ftp mode passive
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any any
access-list outside_in extended permit udp any any
access-list inside_out extended permit icmp any any
access-list inside_out extended permit tcp any any
access-list inside_out extended permit udp any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.123.229 255.255.255.255
monitor-interface inside
monitor-interface outside
no asdm history enable
arp timeout 14400
access-group inside_out in interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.123.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:
: end
pixfirewall#
pixfirewall#
pixfirewall# ping 192.168.123.254
Sending 5, 100-byte ICMP Echos to 192.168.123.254, timeout is 2 seconds:
No route to host 192.168.123.254
Success rate is 0 percent (0/1)
pixfirewall#

Would appreciate any suggestions,

Cory

Accepted Solution

cadet alain
Mentor

Hi,

ip address 192.168.123.229 255.255.255.255, you should have the same mask as the connected subnet.

And by the way the route command is not needed anymore as you are now switching traffic and not routing.

Regards.

Alain

Don't forget to rate helpful posts.

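One way to catch both of the problems Alain points out before a config is pushed, as an added example that is not from this thread or from Cisco: a small Python checker that parses the management ip address and route lines of a transparent-mode PIX config and reports a mask that does not match the connected segment, a next hop that falls outside that mask (the cause of the "No route to host" in the ping above) and leftover route statements. The /24 for the connected subnet is an assumption, since the thread never states the real mask.

```python
import ipaddress

# Constructed sample: the lines from the poster's PIX 7.0(1) config that matter here.
BROKEN_CONFIG = """\
firewall transparent
ip address 192.168.123.229 255.255.255.255
route outside 0.0.0.0 0.0.0.0 192.168.123.254 1
"""

# Same config with the mask corrected and the route removed, as the accepted answer suggests.
FIXED_CONFIG = """\
firewall transparent
ip address 192.168.123.229 255.255.255.0
"""

# Assumption: the segment the PIX sits on is a /24; the thread does not state its real mask.
CONNECTED_SUBNET = ipaddress.IPv4Network("192.168.123.0/24")


def parse_config(text):
    """Pull the transparent-mode flag, management interface and route next hops out of a PIX config."""
    transparent, mgmt, next_hops = False, None, []
    for raw in text.splitlines():
        parts = raw.split()
        if parts[:2] == ["firewall", "transparent"]:
            transparent = True
        elif parts[:2] == ["ip", "address"] and len(parts) >= 4:
            # "ip address <addr> <mask>": IPv4Interface accepts a dotted mask after the slash
            mgmt = ipaddress.IPv4Interface(f"{parts[2]}/{parts[3]}")
        elif parts[:1] == ["route"] and len(parts) >= 5:
            # "route <iface> <dest> <mask> <next hop> [metric]"
            next_hops.append(ipaddress.IPv4Address(parts[4]))
    return transparent, mgmt, next_hops


def check_transparent_config(text, connected_subnet=CONNECTED_SUBNET):
    """Return a list of findings; an empty list means the management setup looks sane."""
    transparent, mgmt, next_hops = parse_config(text)
    findings = []
    if not transparent:
        return findings  # routed mode: these checks do not apply
    if mgmt is None:
        return ["transparent mode needs a management ip address"]
    if mgmt.network != connected_subnet:
        findings.append(f"management mask /{mgmt.network.prefixlen} does not match connected subnet {connected_subnet}")
    for hop in next_hops:
        if hop not in mgmt.network:
            # Exactly the poster's symptom: with a /32 the PIX sees no neighbour on its own segment.
            findings.append(f"next hop {hop} is outside the management subnet {mgmt.network}")
    if next_hops:
        findings.append("route statements are not needed when switching in transparent mode")
    return findings
```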
