pix 501 setup problem - Cisco Community

483

Views

0

Helpful

5

Replies

our company transfer a new ISP,I have to setup my pix 501 again,

the new IP ADDRESS has 13 static address:

151.XXX.XXX.66 ... 151.XXX.XXX.78 NETMASK 255.255.255.0

GW: 151.XXX.XXX.1

DNS: 68.237.161.12 , 71.250.0.12

i check these ip address one by one, all the address can work,but when i put them to the pix and replace the old ip address, the local pc cannot go to internet, please help me to check it, is there any errror when i setup?

PIX Version 6.3(3)

interface ethernet0 10baset

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list outside_access_in permit icmp any any

ata

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 151.xxx.xxx.66 255.255.255.240

ip address inside 10.0.1.11 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 1 151.xxx.xxx.68 netmask 255.255.255.240

nat (inside) 1 10.0.1.0 255.255.255.0 0 0

conduit permit esp any any

conduit permit icmp any any

conduit permit udp any eq isakmp any

route outside 0.0.0.0 0.0.0.0 151.xxx.xxx.1 1

timeout xlate 3:<?xml:namespace prefix = st1 />00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 10.0.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt noproxyarp inside

telnet 10.0.1.11 255.255.255.255 inside

telnet 10.0.1.0 255.255.255.0 inside

telnet timeout 15

ssh timeout 5

console timeout 0

dhcpd address 10.0.1.70-10.0.1.101 inside

dhcpd dns 68.237.161.12 71.250.0.12

dhcpd lease 3000

dhcpd ping_timeout 750

dhcpd enable inside

terminal width 80

Cryptochecksum:44eba47e4c79bf94f39b1bd181bd5df0

: end

5 Replies 5

Subnet mask ?

the new IP ADDRESS has 13 static address:

151.XXX.XXX.66 ... 151.XXX.XXX.78 NETMASK 255.255.255.0

ip address outside 151.xxx.xxx.66 255.255.255.240

ip address inside 10.0.1.11 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 1 151.xxx.xxx.68 netmask 255.255.255.240

the ISP told me, the netmask is 255.255.255.0

in the pix 501 setup interface, i use 255.255.255.240

is this the problem? if it is the problem, what i should be replace it?

thanks

Yes it is the problem because your default-gateway 151.xxx.xxx.1 according to your statement

route outside 0.0.0.0 0.0.0.0 151.xxx.xxx.1

but the interface address is

ip address outside 151.xxx.xxx.66 255.255.255.240

so the pix thinks that .1 is in a different network that the outside interface so it cannot use .1 as a default-route. So either

1) your default-gateway of 151.x.x.1 is wrong

OR

2) Change subnet mask on outside interface of 255.255.255.0

Jon

thanks for your help.

i try to use netmask as: 255.255.255.0

it's not work too.

how i should be to do?

i test the ip address and gateway, DNS,all of them can working.

when i use netmask as 255.255.255.0

pix not working.

please give me some idea, thanks

Review Cisco Networking products for a $25 gift card