configuring pix 501 to access the internet - Page 2

felcaruana · ‎02-13-2008

Hi,

I need your help.. I have configured my pix501 outside and inside ip address... I think everything is in place but I still cannot access the internet. I am attaching my present configuration.. Thanks

Jon Marshall · ‎02-13-2008

Hi

In addition to Jorge's suggestions which you need to check can you ping the ISP router IP address 203.131.103.177 from the firewall.

To test this you may need to temporarily add an extra line to the config

pix(config)# icmp permit 203.131.103.177 255.255.255.255 outside

You will not be able to ping the pix outside interface IP address from a machine on the inside network - 192.168.43.x. So you need to check connectivity in other ways.

If you can ping the ISP router then

1) try pinging a host on the Internet by IP address from the firewall

2) If 1) works try pinging from an inside host - 192.168.43.x. Again you need to ping the IP address at first.

If you can't ping your ISP router then you need to start checking physical connectivity and any switch config as suggested by Jorge.

The other thing you can do with pix v6.x is debugging the packets.

So

If you can ping the ISP router address from the firewall but you cannot from an inside address try on the firewall

pix# debug packet inside dst 203.131.103.177

pix# debug packet inside src 203.131.103.177

This will show you the packets arriving and leaving on the inside interface destined or coming from the ISP address.

You can also run these on the outside interface ie.

pix# debug packet outside dst 203.131.103.177

pix# debug packet outside src 203.131.103.177

Be careful with debugging on a live system - you should be okay if you specify the source or destination as above.

To turn off debugging

pix# no debug all

Jon