cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1350
Views
0
Helpful
15
Replies

configuring pix 501 to access the internet

felcaruana
Level 1
Level 1

Hi,

I need your help.. I have configured my pix501 outside and inside ip address... I think everything is in place but I still cannot access the internet. I am attaching my present configuration.. Thanks

15 Replies 15

hareskhan
Level 1
Level 1

I find the statement "nat (inside) 1 192.168.43.0 255.255.255.0 0 0" when you already have "nat (inside) 1 0.0.0.0 0.0.0.0 0 0". Though this should not be a problem, you don't need it. Have you tried to ping 203.131.103.177? Source your ping from the outside interface. Configuration looks correct and it looks like a connectivity problem between your PIX and ISP router.

Yes I have ping 203.131.103.177 and its not replying. I dont think its the connectivity because I can connect to the internet without the pix in the network.

Hi

Why do you have this statement

static (inside,outside) 192.168.43.0 192.168.43.0 netmask 255.255.255.0 0 0

This says not to NAT any of the 192.168.43.0 address as they go from inside to outside and takes precedence over your nat/global statements.

Remove that statement, do a "clear xlate" and try again.

Jon

Nice catch Jon, I was looking at that too I think this is his problem.

Jorge Rodriguez

Thanks Jon.. How can I delete this entry? what is the exact command?

pix(config)# no static (inside,outside) 192.168.43.0 192.168.43.0 netmask 255.255.255.0

Don't forget you then need to clear the xlate translations

pix# clear xlate

Be aware that the "clear xlate" will remove all existing connections through your firewall but it sounds like this is not a problem at the moment.

Jon

Hi Jon, I did everything you said but I still can't connect to the internet... I cannot ping the outside ip but I can ping the inside ip...

can you post the interface status of your outside interface, to where is the outside onnected to , a switch ? if a switch make sure outside interface is in same vlan as ISP router, if you have outside interface directly connected to a router that is not magageable by you I would recommend your interface outside be autodetect for speed transmission.

e.g

show interface ethernet0

Jorge Rodriguez

Here it is.. but as of now it is disconnected from the network ..

AOSMANPIX(config)# show interface 0

interface ethernet0 "outside" is up, line protocol is down

Hardware is i82559 ethernet, address is 000b.5f37.bc48

IP address 203.131.103.176, subnet mask 255.255.255.0

MTU 1500 bytes, BW 10000 Kbit half duplex

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/0)

output queue (curr/max blocks): hardware (0/0) software (0/0)

here is it buddy. Thanks..

AOSMANPIX(config)# show interface 0

interface ethernet0 "outside" is up, line protocol is down

Hardware is i82559 ethernet, address is 000b.5f37.bc48

IP address 203.131.103.176, subnet mask 255.255.255.0

MTU 1500 bytes, BW 10000 Kbit half duplex

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software (0/0)

output queue (curr/max blocks): hardware (0/0) software (0/0)

Okay, after typing that rather long post :) Jorge has hit the nail on the head. Your outside interface is showing down. You need to check the physical connectivity as suggested by Jorge.

Jon

Jon, is pix 501 a firewall and a router all in one?...

Thanks... The outside is connected directly to the dsl modem

Hi Jon, I did everything you said but I still can't connect to the internet... I cannot ping the outside ip but I can ping the inside ip...

Review Cisco Networking for a $25 gift card