Hello. I am having some trouble with my CISCO PIX 501 configuration.
A few months ago I started to get random disconnections on my network (from inside to outside). The machines can ping the DC or the PIX but cannot surf the internet. The only way to make them go outside again is a PIX restart.
My configuration is the following:
as-pix(config)# show config
: Saved
: Written by enable_15 at 09:23:07.033 UTC Tue Jun 3 2014
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry34retyt7RR564 encrypted
passwd 2fvbbfgdI.2KUOU encrypted
hostname as-pix
domain-name as.local
fixup protocol dns maximum-length 512
fixup protocol esp-ike
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit icmp any any
access-list acl_out permit ip any any
access-list acl_out permit tcp any any
access-list outside_access_in permit esp any any
access-list outside_access_in permit udp any eq isakmp any
access-list outside_access_in permit udp any eq 1701 any
access-list outside_access_in permit udp any eq 4500 any
access-list outside_access_in permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 10.10.10.2 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.10.10.8-10.10.10.254
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group acl_out in interface inside
route outside 0.0.0.0 0.0.0.0 10.10.10.1 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.10.2 255.255.255.255 inside
http 192.168.10.101 255.255.255.255 inside
http 192.168.100.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
isakmp nat-traversal 20
telnet timeout 5
ssh 192.168.10.101 255.255.255.255 inside
ssh timeout 60
console timeout 0
dhcpd dns 184.108.40.206 220.127.116.11
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:7f9bda5e534eaeb1328ab08a3c4d28a
Do you have any advice? I am not getting what is wrong with my configuration.
My DC is 192.168.100.2 and the network mask is 255.255.255.0
The network configuration is set up to set the Gateway IP to 192.168.100.1 (which is the PIX 501).
You need to purchase this from a Cisco reseller or Cisco direct, but I am afraid Cisco PIX are now EOL, so you may have to upgrade your PIX FW to an ASA FW or, if that isn't palatable and finances are tight, maybe remove the PIX altogether and, depending on your existing router's make/model, apply IOS security to the router.
Please don't forget to rate any posts that have been helpful.