Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
6
Replies

How to give internet access to inner network

rparulekar
Level 1
Level 1

‎10-11-2002 06:12 AM - edited ‎03-02-2019 02:00 AM

Hi:

I have a block of external IP addresses in a /28 range. I have protected my

inner network with a Cisco PIX 515 firewall and have configured the inner

network with a private class c ip block (eg. 192.168.10.0/255.255.255.0). I

have then configured dynamic NAT on the PIX device where the whole inner

network will use the external Interface's IP address with Port address

translation i.e.:

global (outside) 1 interface

nat (inside) 1 192.168.10.0 255.255.255.0 0 0

I have then also allowed icmp bi-directionally between the inside and

outside interfaces using access-lists.

But I am unable to ping (from the inner network) any IP address on the

outside, including the IP address of the outside interface.

My main aim is to give internet access to the devices/servers that are on my

inner network (i.e behind the firewall). Does anyone have any ideas on why

my set up is not working or on alternate ways to set this up.

Thanks.

Labels:
0 Helpful
6 Replies 6

thisisshanky
Level 11
Level 11

‎10-11-2002 07:22 AM

Have you give a static default route on PIX to your internet gateway router on the oustide interface.

route outside 0.0.0.0 0.0.0.0

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

rparulekar
Level 1
Level 1
In response to thisisshanky

‎10-11-2002 07:38 AM

Thanks for responding!! I do have a static route in PIX on the outside interface which is:

route outside 0.0.0.0 0.0.0.0 1

I am still not able to ping the outside from the inside. Thanks.

0 Helpful

thisisshanky
Level 11
Level 11
In response to rparulekar

‎10-11-2002 07:45 AM

Are you trying to ping the PIX interface or an ip address on the internet. If its the PIX outside interface you are trying to ping from the inside, PIX wont respond.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

rparulekar
Level 1
Level 1
In response to thisisshanky

‎10-11-2002 07:52 AM

I am unable to ping any IP address on the internet. I tried to ping the DNS server of our ISP but get a "request time out". I also tried to ping the IP address of the next hop router which is in the same subnet as the outer interface of the PIX but am getting an RTO here as well.

0 Helpful

thisisshanky
Level 11
Level 11
In response to rparulekar

‎10-11-2002 08:13 AM

Can you input some of relevant configs of the pix and router.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

rparulekar
Level 1
Level 1
In response to thisisshanky

‎10-11-2002 08:20 AM

I have just emailed the config file to you. I look forward to your input. Thanks!!

0 Helpful
Customers Also Viewed These Support Documents