02-13-2008 07:35 AM - edited 03-05-2019 09:07 PM
Hi,
I need your help.. I have configured my pix501 outside and inside ip address... I think everything is in place but I still cannot access the internet. I am attaching my present configuration.. Thanks
02-13-2008 10:59 AM
I find the statement "nat (inside) 1 192.168.43.0 255.255.255.0 0 0" when you already have "nat (inside) 1 0.0.0.0 0.0.0.0 0 0". Though this should not be a problem, you don't need it. Have you tried to ping 203.131.103.177? Source your ping from the outside interface. Configuration looks correct and it looks like a connectivity problem between your PIX and ISP router.
02-13-2008 11:35 AM
Yes I have ping 203.131.103.177 and its not replying. I dont think its the connectivity because I can connect to the internet without the pix in the network.
02-13-2008 11:46 AM
Hi
Why do you have this statement
static (inside,outside) 192.168.43.0 192.168.43.0 netmask 255.255.255.0 0 0
This says not to NAT any of the 192.168.43.0 address as they go from inside to outside and takes precedence over your nat/global statements.
Remove that statement, do a "clear xlate" and try again.
Jon
02-13-2008 11:50 AM
Nice catch Jon, I was looking at that too I think this is his problem.
02-13-2008 11:55 AM
Thanks Jon.. How can I delete this entry? what is the exact command?
02-13-2008 11:57 AM
pix(config)# no static (inside,outside) 192.168.43.0 192.168.43.0 netmask 255.255.255.0
Don't forget you then need to clear the xlate translations
pix# clear xlate
Be aware that the "clear xlate" will remove all existing connections through your firewall but it sounds like this is not a problem at the moment.
Jon
02-13-2008 01:23 PM
Hi Jon, I did everything you said but I still can't connect to the internet... I cannot ping the outside ip but I can ping the inside ip...
02-13-2008 01:45 PM
can you post the interface status of your outside interface, to where is the outside onnected to , a switch ? if a switch make sure outside interface is in same vlan as ISP router, if you have outside interface directly connected to a router that is not magageable by you I would recommend your interface outside be autodetect for speed transmission.
e.g
show interface ethernet0
02-13-2008 02:01 PM
Here it is.. but as of now it is disconnected from the network ..
AOSMANPIX(config)# show interface 0
interface ethernet0 "outside" is up, line protocol is down
Hardware is i82559 ethernet, address is 000b.5f37.bc48
IP address 203.131.103.176, subnet mask 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)
02-13-2008 02:06 PM
here is it buddy. Thanks..
AOSMANPIX(config)# show interface 0
interface ethernet0 "outside" is up, line protocol is down
Hardware is i82559 ethernet, address is 000b.5f37.bc48
IP address 203.131.103.176, subnet mask 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)
02-13-2008 02:14 PM
Okay, after typing that rather long post :) Jorge has hit the nail on the head. Your outside interface is showing down. You need to check the physical connectivity as suggested by Jorge.
Jon
02-13-2008 02:23 PM
Jon, is pix 501 a firewall and a router all in one?...
02-14-2008 06:50 AM
Thanks... The outside is connected directly to the dsl modem
02-13-2008 01:57 PM
Hi Jon, I did everything you said but I still can't connect to the internet... I cannot ping the outside ip but I can ping the inside ip...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: