pix at home

Answered Question
Jan 15th, 2008

I brought an extra PIX 506E we had at the office home so I can play with the VPN client software.

I cannot get my computers (3) at home to get internet access. They get internal IP addresses but for some reason I cannot connect to the internet!

Below is my configuration!

Also my IP address at home is dynamic NOT STATIC!

Any ideas?

PIX Version 6.3(3)
interface ethernet0 10full
interface ethernet1 10full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 500
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 10.9.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.9.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.9.2.200-10.9.2.210 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxx
: end

srue Tue, 01/15/2008 - 18:52

At first glance the config looks OK.

Do you get an IP address on the outside interface ("show ip")?

Add the following to allow pings to the Internet:

access-list OUTSIDE_IN permit icmp any any echo-reply
access-group OUTSIDE_IN in interface outside

Then try to ping 4.2.2.4 (that's a top level DNS server). If that doesn't work, try to ping it from the firewall.

Is there a reason you hardcoded the speed/duplex?

Danny Guillory Jr Tue, 01/15/2008 - 19:52

When I do a show ip I get:

no ip address outside
ip address inside 10.9.2.1 255.255.255.0

for both current IP address & system IP address.

I did not hardcode the IP speed. This router had an old config on it, so to clear it I did a:

configure factory-default 10.9.2.1 255.255.255.0

and for some reason it did that by itself! I THINK.

srue Wed, 01/16/2008 - 05:32

You're not getting an IP address on the outside then.

Change the interface(s) to auto:

interface ethernet0 auto
interface ethernet1 auto
...

Then re-enter the following:

ip address outside dhcp setroute
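
The items srue checks in the two replies above (interface speed/duplex, the outside DHCP address with setroute, the nat/global pair, and the echo-reply ACL), as an added Python example that is not part of the thread. The function name and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the first config posted in the thread.
SAMPLE_CONFIG = """\
interface ethernet0 10full
interface ethernet1 10full
ip address outside dhcp setroute
ip address inside 10.9.2.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""

def check_pix_config(config):
    """Hypothetical helper: list findings for the items reviewed in the thread."""
    text = "\n".join(l.strip() for l in config.splitlines() if l.strip())
    findings = []

    # Speed/duplex: anything other than 'auto' is hardcoded.
    for name, mode in re.findall(r"^interface (\S+) (\S+)", text, re.M):
        if mode != "auto":
            findings.append(f"{name}: speed/duplex hardcoded to {mode}")

    # Outside address: with DHCP, 'setroute' takes the default route from the lease.
    outside = re.search(r"^ip address outside (.+)$", text, re.M)
    has_static_route = re.search(r"^route outside 0\.0\.0\.0 ", text, re.M)
    if not outside:
        findings.append("no 'ip address outside' statement")
    elif "dhcp" in outside.group(1) and "setroute" not in outside.group(1) \
            and not has_static_route:
        findings.append("outside uses dhcp without setroute: no default route")

    # PAT: every nat (inside) id except 0 (no translation) needs a matching global.
    nat_ids = set(re.findall(r"^nat \(inside\) (\d+) ", text, re.M)) - {"0"}
    global_ids = set(re.findall(r"^global \(outside\) (\d+) ", text, re.M))
    for nat_id in sorted(nat_ids - global_ids):
        findings.append(f"nat id {nat_id} has no matching global (outside)")

    # Ping: echo replies pass only if an ACL bound inbound on outside permits them.
    bound = re.findall(r"^access-group (\S+) in interface outside", text, re.M)
    if not any(re.search(rf"^access-list {re.escape(acl)} permit icmp .*echo-reply",
                         text, re.M) for acl in bound):
        findings.append("no outside ACL permits icmp echo-reply: pings will fail")
    return findings

if __name__ == "__main__":
    for finding in check_pix_config(SAMPLE_CONFIG):
        print(finding)
```

A clean result only rules out the configuration; whether the outside interface actually obtained a lease still has to be read from "show ip" on the PIX.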

Danny Guillory Jr Wed, 01/16/2008 - 16:13

Here is my PIX configuration. I still am not getting an IP address from the cable modem.

Any ideas?

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
passwd xxx encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list OUTSIDE_IN permit icmp any any echo-reply
pager lines 500
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 10.9.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group OUTSIDE_IN in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.9.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.9.2.200-10.9.2.210 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxx
: end

Correct Answer

I have in the past seen problems with cable modems and DHCP/new equipment. Have you tried to turn off the cable modem and PIX? Wait some time (30-60 min.), turn on the modem, and after a couple of minutes turn on the PIX.

Sometimes it is necessary to call your ISP and get them to release the DHCP lease, or register the MAC address of the new equipment.

Hope it helps.
