PIX 501 help

andy_saw_18 · ‎09-06-2006

Hi,

I have configure the PIX501 to have the following:

Inside Int: 192.168.0.1

Outside Int: 203.123.132.131

From the PIX console, I am able to ping to outside IP ( external IP such as goolgle ..etc ) and I am able to ping to the server connected to one of the server which is having 192.168.0.202 IP. However, from the server side, I am not able to ping out to any of the host reside externally such as google..etc

Need you guys help to shade some lights.

THanks,

vijayasankar · ‎09-06-2006

hi,

Can you post the config ( removing the sensitive details, public ip etc) here for us the check.

We would like to check the nat/global/acl/route configurations.

-VJ

Fernando_Meza · ‎09-06-2006

Hi .. you need to create a PAT for going out

nat (inside) 1 access-list OUTbound

global (outside) 1 interface

access-list OUTbound permit icmp any any <- allows ICMP

access-list OUTbound permit IP any any <- allows all

I hope it helps .. please rate if it does !!!

andy_saw_18 · ‎09-10-2006

thanks but I believe there's some routing issue.

pix501(config)# sh route

outside 0.0.0.0 0.0.0.0 203.123.132.1 1 OTHER static

inside 192.168.0.0 255.255.255.0 192.168.0.1 1 CONNECT static

outside 203.123.132.0 255.255.255.0 203.123.132.131 1 CONNECT static

My Linux server routing table:

[root@server ~]# route -n

Destination Gateway Genmask Flags Metric Ref Use Iface

203.123.132.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1

0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0

Thanks,