05-23-2007 11:45 AM
I am in the process of setting up a PIX 515e box in transparent mode. I have done all the basic configurations (set my inside and outside interfaces/enabled them, set the management interface, etc). I can ping from the device to both inside and outside hosts and I can manage the device from either inside or outside. My problem is that I cannot communicate between inside and outside hosts. The PIX does not seem to be passing traffic.
Am I missing someing in the basic configuration ?
Version is 7.2(2)
Thanks for any help!
05-24-2007 09:56 AM
Have a look at this page for a training module for setting up firewall in transparent mode.
http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html
You could also post you configuration probably could look into it.
-Hoogen
Do rate helpful posts :)
05-28-2007 08:04 AM
I went through that as part of my troubleshooting, in fact I used the info from that training module to configure the pix box. Am I wrong in assuming that the basic config as outlined in the training module should get the box up and running and passing traffic from inside to outside hosts?
Here is the config, I've blocked out IPs and the hostname, it should be a default config except for the admin accesses that have been set up.
: Saved
:
PIX Version 7.2(2)
!
firewall transparent
hostname myfirewall
domain-name default.domain.invalid
enable password xxx
names
!
interface Ethernet0
nameif outside
security-level 0
!
interface Ethernet1
nameif inside
security-level 100
!
passwd xxx
boot system flash:/pix722.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
pager lines 24
logging enable
logging trap debugging
logging asdm debugging
logging host outside x.x.x.x
mtu outside 1500
mtu inside 1500
ip address x.x.x.x 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-522.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username yyy password Z13OuyLCHVQtHpU9 encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http x.x.x.x 255.255.255.255 outside
http x.x.x.x 255.255.255.255 inside
http x.x.x.x 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh x.x.x.x 255.255.255.255 outside
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
: end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide