PIX 501 and Internet Access Issue

Unanswered Question

My network is very simple, like this: A DSL Modem is connected to a Cisco PIX 501 firewall/router, and a computer is connected to this firewall.

Now this PIX 501 box has two interfaces: Inside ( and the netwroked PC ( The outside interface is set to DHCP to be dynamically assigned an IP by the ISP's DNS server (

My networked PC (running Windows XP) is configured with an static IP (, default Gateway ( which is the PIX 501), and the DNS IP ( which is the ISP's DNS Server).

But I can NOT access the internet. I can Ping (the inside interface) but not the outside (

What am I missing and what should I do?


Please note:

I attached a file which shows the current PIX config. Please refer to the attachment below.




I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)

Thanks for the info. I am not at the PIX at this moment, but I'll try it later.

Just by going through the link reference:


I generated some questions:

1) The document says:"Use of the DHCP client feature to acquire an IP address from a generic DHCP server is not supported."

--What does it mean by generic DHCP server? If I am using the Yahoo/AT&T as my ISP, is this a generic DHCP server?

2)The document says:

"Use the global command with the interface keyword to enable PAT to use the DHCP-acquired IP address of outside interface"

--In my current config, there has already been a statement:

global (outside) 1 interface

--Do I still need to do what the docment says? If so, what should be the statement?

3)The document syas:

"Do not configure the PIX Firewall with a default route when using the setroute argument of the ip address dhcp command"

ip address outside dhcp [setroute]

--In my case, should or should not I use the [setroute]?

--How can I find out if my PIX fiewall has been configured with a default route?



rajbhatt Tue, 04/03/2007 - 21:42

Hi Scott,

I am not sure what a generic dhcp server means ur isp will be able to guide u better here .

Secondly U need to use

glo (outside ) 1 interface as the patted address.

Thirdly in the config I do not see a default route .

So the command u would use is

ip address outside dhcp setroute

And to check the routes u need to add :

sh route .

It will show the defualt route aquired by the firewall through dhcp


LEACHMIKE Wed, 04/04/2007 - 10:05

If your outside interface is set for DHCP, then your address will come from the DSL modem. Check that DHCP is enabled on the DSL modem. I have the same setup as you and it is the DSL device that you should check


This Discussion