Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

501 ISP access

I have navigated around and added commands to a PIX before but always with support from a CCNA within my company. I do not have that resource available to me anymore and I am attemting to install a new PIX 501 to my cable modem. I have a static IP assigned and have been using the PDM to setup PIX. The server attached to the switch can ping the PIX and vise-versa, but no Internet access. I know that I am missing some statements but don't know which. I am attaching my config. Any insight or direction would be much appreciated. Thanks in advance.

PIX Version 6.1(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password OLKvKRtWYoX8k0LJ encrypted

passwd Dx7ZLAkN9r0yT5Q6 encrypted

hostname pixfirewall

domain-name ciscopix.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list inside_access_in permit tcp 192.168.1.0 255.255.255.0 12.107.19.128

255.255.255.128

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 12.107.19.167 255.255.255.128

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group inside_access_in in interface inside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet 192.168.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd lease 3600

dhcpd ping_timeout 750

1 REPLY
New Member

Re: 501 ISP access

Your access-list entry only allows you to go to network 12.107.19.128/25. You should remote the access-list entry and replace it with the following (assuming that you require full access to the internet):

access-list inside_access_in permit ip 192.168.1.0 255.255.255.0 any

By removing the access-list entry, you might automatically remove the access-group statement. If this happens, just reenter the statement.

93
Views
0
Helpful
1
Replies
CreatePlease to create content