Issues with 857 and PIX 501E

jc_sutcliffe
Level 1

Hi All,

I'm losing my patience with the home setup I'm running. My ISP has given me a /29 static range which I have correctly applied. I have statically mapped an external IP to a device on the LAN without any issues. When checking the external IP on the device it appears as it should, and everything else appears as the external address of the PIX. When I try to access anything past the router externally I cannot. I can ping the dialer and vlan1 interface on the 857w but cannot see anything past that.

All I want the router to do is route, and control everything from the PIX. Have I left out a command somewhere? Any thoughts would be much appreciated.

I have attached my configs and my diagram.

Many thanks

Jason

5 Replies

alitadir
Level 1

Hi Jason, can you change the IP address to 192.168.99.11 instead of x.x.82.219 in the access-list you applied outside?

PIX OS before 7.2 accepts private IP addresses in the access-list statements.

access-list outside_access_in remark *** Permit ICMP to PIX ***

access-list outside_access_in permit icmp any any

access-list outside_access_in remark *** Permit FTP to NAS ***

access-list outside_access_in permit tcp any host 192.168.99.11 eq ftp

access-list outside_access_in remark *** Permit RDP to NAS ***

access-list outside_access_in permit tcp any host 192.168.99.11 eq 3389

access-list outside_access_in remark ** Permit DNS to NAS (UDP) ***

access-list outside_access_in permit udp any host 192.168.99.11 eq domain

access-list outside_access_in remark ** Permit DNS to NAS (TCP) ***

access-list outside_access_in permit tcp any host 192.168.99.11 eq domain

Hope this helps

Ali TADIR

Hi Ali,

I think it is above the 7.2 but I will amend this when I get home later.


I remembered that it is doing a few more odd things. I can't seem to ping the outside interface of the PIX and I'm also having issues connecting to a work VPN using Windows on a DHCP'd client.


Can you see anything else on the list that may be causing an issue?

Many thanks
Jason

Hi Jason, I don't think that its software is above 7.2 because the last software that PIX 501 supports is 6.3.5.

Regarding pptp/l2tp vpn;

you should enter the fixup command;

fixup protocol pptp 1723

Ali TADIR

Jason, I also don't see the access-group commands needed to apply the access-lists. Please add the lines below as well:

These lines permit outbound traffic:

access-list inside_access_in permit ip any any

access-list inside_access_in permit icmp any any

These lines apply traffic to the interfaces:

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

Hope this helps

Ali TADIR
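
Added example, not part of the original thread: a small Python check for the gap pointed out in the reply above, an access-list that is defined but never applied with access-group, plus the fused `host<address>` typo. The sample config is constructed for illustration (Jason's attached config is not on the page), and the function name `audit` and the `nonat` ACL are assumptions.

```python
import re

# Constructed sample config (not the config attached to the thread).
SAMPLE_CONFIG = """\
access-list outside_access_in remark *** Permit FTP to NAS ***
access-list outside_access_in permit tcp any host 192.168.99.11 eq ftp
access-list outside_access_in permit udp any host192.168.99.11 eq domain
access-list inside_access_in permit ip any any
access-list nonat permit ip 192.168.99.0 255.255.255.0 10.0.0.0 255.0.0.0
nat (inside) 0 access-list nonat
access-group inside_access_in in interface inside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
# Other statements that reference an ACL by name (NAT exemption, crypto map).
OTHER_REF_RE = re.compile(
    r"^(?:nat\s+\(\S+\)\s+0\s+access-list"
    r"|crypto\s+map\s+\S+\s+\d+\s+match\s+address)\s+(\S+)")
FUSED_HOST_RE = re.compile(r"\bhost\d")  # "host192.168..." with the space missing


def audit(config: str) -> dict:
    """Report ACLs never bound to an interface and malformed ACL lines."""
    defined, bound, referenced, malformed = [], {}, set(), []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := ACL_RE.match(line):
            if m.group(1) not in defined:
                defined.append(m.group(1))
            if FUSED_HOST_RE.search(m.group(3)):
                malformed.append(lineno)
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)   # ACL name -> interface
        elif m := OTHER_REF_RE.match(line):
            referenced.add(m.group(1))
    # An ACL that is neither bound nor referenced elsewhere filters nothing.
    unbound = [n for n in defined if n not in bound and n not in referenced]
    # An access-group naming an ACL that has no entries is also worth flagging.
    dangling = [n for n in bound if n not in defined]
    return {"unbound": unbound, "dangling": dangling,
            "malformed_lines": malformed, "bound": bound}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
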

Ah ha. I think these may be the commands, Ali!

When I get home I will give them a go and let you know.

Many thanks

Jason
