Hello, I am testing a DSL business line with a PIX 525 firewall. I have an internal network of 188.8.131.52/26. (The IP addresses for the inside and outside networks were changed.) The external IP address is dynamically assigned from the ISP. I created a nat for the inside network and used a global command for the outside. Then I statically assigned an external IP to an internal IP. I opened up all tcp, udp, icmp, ip traffic and port 80 and 7047. From the Internet I would like to get to test the following:
1) ping 184.108.40.206
2) trace route 220.127.116.11
3) http://18.104.22.168:7047
4) http://22.214.171.124
None of the above seem to be working. I have attached the configuration file. Can anyone see any problems with this configuration? Can anyone help? Your help would be greatly appreciated. Thank you.
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
PIX Version 8.0(4)
!
hostname fw2
domain-name testing.com
names
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 pppoe client vpdn group test-pppoe-att
 ip address pppoe setroute
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 126.96.36.199 255.255.255.192 standby 188.8.131.52
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 description STATE Failover Interface
!
interface Ethernet4
 nameif management
 security-level 100
 ip address 192.168.100.1 255.255.255.0 standby 192.168.100.2
 management-only
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup management
dns server-group DefaultDNS
 domain-name testing.com
access-list OUT_IN extended permit tcp any host 184.108.40.206 eq www
access-list OUT_IN extended permit tcp any host 220.127.116.11 eq 7047
access-list OUT_IN extended permit tcp any any
access-list OUT_IN extended permit udp any any
access-list OUT_IN extended permit icmp any any
access-list OUT_IN extended permit ip any any
access-list 101 extended permit tcp any any
access-list 101 extended permit udp any any
access-list 101 extended permit icmp any any
access-list 101 extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging buffer-size 1048576
logging trap errors
logging history errors
logging asdm errors
logging host inside 18.104.22.168
logging permit-hostdown
mtu outside 1500
mtu inside 1500
mtu management 1500
failover
failover link failover Ethernet3
failover interface ip failover 192.168.6.254 255.255.255.0 standby 192.168.6.253
no monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 22.214.171.124 255.255.255.0
static (inside,outside) 126.96.36.199 188.8.131.52 netmask 255.255.255.255
access-group OUT_IN in interface outside
access-group 101 in interface inside
route inside 184.108.40.206 255.255.255.0 220.127.116.11 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 18.104.22.168 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 management
snmp-server host inside 22.214.171.124 community testmgmt version 2c
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 126.96.36.199 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
vpdn group test-pppoe-att request dialout pppoe
vpdn group test-pppoe-att localname email@example.com
vpdn group test-pppoe-att ppp authentication pap
vpdn username firstname.lastname@example.org password *****************************
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 188.8.131.52 source inside prefer
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:be07d15845e099d1c208c0e6a1360176
: end
Our company has one building with many Cisco 1200 series access points running two radios. The company has a manufacturing and assembly area where there is open space and also a lot of manufacturing CNC machines. Recently the Cisco 1200 access points were upgraded from version 12.2(15).XR2 to version 12.3(8)JA2 because the data network seemed very unpredictable. Radio0-802.11G was solely designated for the wireless voice network using the Avaya 3626 handsets. Radio1-802.11A was solely designated for the data network for laptop wireless access. Lately there seem to be problems with the Avaya 3626 phones. It seems that they lose connections when turning the unit on, or when walking around the building. I have been getting the following error messages on the phones: "Cant renew DHCP", "No SVP Response", or the phone simply does nothing and just sits at the "123456789" screen (you get this screen when you turn on the unit). I have searched Avaya's website for solutions and I found a configuration and deployment guide for the Cisco 1200 Access Points with Avaya handsets. I followed their documentation and tried to optimize the access points for Quality of Service, tweaked the power settings and response times for the Radio0-802.11G radio, and still no luck. It seems that it has gotten worse than before. Today (11/5/08) I reconfigured all settings to be the same as in the beginning. I still see that the wireless phones are unpredictable; they connect whenever they want to. Then they stay connected and after a while I usually get the "123456789" screen (you get this screen when you turn on the unit). Has anyone ever seen these kinds of issues?