TCC_2

Core issue

This issue occurs because a default route does not exist on the Cisco Secure PIX Firewall, or because NAT/PAT is not configured.

Resolution

In order to resolve this issue, complete these steps:

  1. Make sure the PIX has the route outside 0.0.0.0 0.0.0.0 command configured in order to direct all unknown traffic to the directly connected Ethernet port of the outside router.

  2. Verify that the default gateway of the client is set to the inside interface of the PIX.

  3. For pings to work, verify that there is an access-list statement applied to the outside interface that permits the Internet Control Message Protocol (ICMP) echo-replies back in through the PIX.

  4. Verify that the PIX configuration has a translation, either a nat and a related global statement or a static statement, for the inside host. In order to check the translation, issue the show xlate command.

     For example, in order to translate the 10.1.1.0/24 network on the inside interface, enter these commands:

        hostname(config)#nat (inside) 1 10.1.1.0 255.255.255.0
        hostname(config)#global (outside) 1 209.165.201.1-209.165.201.30

     In order to identify a pool of addresses for dynamic NAT as well as a PAT address for when the NAT pool is exhausted, enter these commands:

        hostname(config)#nat (inside) 1 10.1.1.0 255.255.255.0
        hostname(config)#global (outside) 1 209.165.201.5
        hostname(config)#global (outside) 1 209.165.201.10-209.165.201.20

     Refer to the Cisco Secure PIX Firewall Command References of the appropriate software version for more information about these PIX commands.
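
One way to run steps 1, 3 and 4 against a saved configuration, added here as an example and not Cisco's or the author's code. It assumes PIX 6.x-style syntax; the function name audit_pix_config, the ACL name acl_out and the gateway 209.165.201.1 are constructed, and step 2 is a client-side setting that the firewall configuration cannot show.

```python
import re

# Constructed sample in PIX 6.x syntax; the gateway 209.165.201.1 and the
# ACL name acl_out are assumptions, the nat/global lines follow the page.
SAMPLE_CONFIG = """\
hostname(config)#nat (inside) 1 10.1.1.0 255.255.255.0
hostname(config)#global (outside) 1 209.165.201.5
hostname(config)#global (outside) 1 209.165.201.10-209.165.201.20
access-list acl_out permit icmp any any echo-reply
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
"""

def audit_pix_config(text, inside="inside", outside="outside"):
    """Return findings for steps 1, 3 and 4; an empty list means all pass."""
    i, o = re.escape(inside), re.escape(outside)
    # Drop blank lines and any pasted "hostname(config)#" prompt.
    lines = [re.sub(r"^\S+\(config\)#\s*", "", l.strip())
             for l in text.splitlines() if l.strip()]
    findings = []

    # Step 1: default route out of the outside interface.
    if not any(re.match(rf"route {o} 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in lines):
        findings.append(f"no default route on {outside}")

    # Step 3: an ACL bound inbound on outside must permit ICMP echo-reply.
    # Only entries that name echo-reply explicitly are counted.
    bound = {m.group(1) for l in lines
             if (m := re.match(rf"access-group (\S+) in interface {o}$", l))}
    if not any((m := re.match(r"access-list (\S+) permit icmp .*\becho-reply$", l))
               and m.group(1) in bound for l in lines):
        findings.append(f"no echo-reply permit applied to {outside}")

    # Step 4: each nat id needs a global with the same id (nat 0 is
    # identity NAT and needs none); a static also counts as a translation.
    nat_ids = {m.group(1) for l in lines if (m := re.match(rf"nat \({i}\) (\d+) ", l))}
    global_ids = {m.group(1) for l in lines if (m := re.match(rf"global \({o}\) (\d+) ", l))}
    has_static = any(l.startswith(f"static ({inside},{outside}) ") for l in lines)
    for nid in sorted(nat_ids - global_ids - {"0"}):
        findings.append(f"nat id {nid} has no matching global on {outside}")
    if not nat_ids and not has_static:
        findings.append(f"no nat/global or static translation for {inside}")
    return findings

if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG) or ["all firewall-side checks pass"]:
        print(finding)
```

The show xlate check in step 4 still has to be run on the device, since it reports active translations rather than configured ones.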
