Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
637
Views
0
Helpful
7
Replies

Assistance with setup

brzuromski
Level 1
Level 1

‎09-28-2005 12:37 PM - edited ‎03-09-2019 12:33 PM

hello,

I'm having problems setting up my PIX506E device. I don't have connectivity from the hosts on my switch to the router. I'm using a 2560 that is connected to the pix and that is connected to a 2735 router. I have my default gateway as the routers fa interface for the switch (is that correct?).

is there a acl I can use to open everything up on the firewall to test connectivity?

Labels:
0 Helpful
7 Replies 7

Patrick Iseli
Level 7
Level 7

‎09-28-2005 04:54 PM

The default gateway of the switch is the PIX.

Then the PIX uses the Router as a default gateway.

If your router has multiple networks connected, which is usually the case then you need to add static routes with that networks in direction to the router.

Can you post your PIX 506 config, but please replace your real IPs with something more general.

sincerely

Patrick

0 Helpful

brzuromski
Level 1
Level 1
In response to Patrick Iseli

‎09-29-2005 06:46 AM

Attached is my pix config. My hosts are on a vlan15 on 192.168.15.0/24. The vlan15 IP 192.168.15.15 and the inside ip of the pix is 192.168.15.2. The outside to the pix is 192.168.11.2 and the router is 192.168.11.1. I'm having the hardest time getting to the router from the hosts, or even to the inside interface to the pix from the hosts.

Thanks for the help patrick!!!

I've setup my default-gateway on the switch to point to the inside int of the pix (.15.2) like you said. When I ping the router it comes back as 0% success rate. Through 'debug icmp' on the pix I can see echo-requests coming from the switch to the router. I've setup my gateway on the hosts to point to the inside int of the pix (.15.2) as well. It appears to be doing the same as the switch. Maybe this is a acl issue on the pix?

4519-pix_config
0 Helpful

jcleary
Level 1
Level 1
In response to brzuromski

‎09-29-2005 01:38 PM

whats this Static for

static (inside,outside) 192.168.11.1 192.168.11.2 netmask 255.255.255.255 0 0

0 Helpful

brzuromski
Level 1
Level 1
In response to jcleary

‎09-29-2005 04:46 PM

hmmm...good question I think I was looking at IP's too long today and made a typo to the config. Thanks for pointing that out!!

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to brzuromski

‎09-30-2005 04:30 AM

You do not have any correct Adress Translation configured.

Might be good to take a look at his guide here.

Establishing Outbound Connectivity with NAT and PAT:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1112345

Basic PAT config example:

global (outside) 1 interface

nat (inside) 1 InternalNetwork InternalSubnetMask

route outside 0.0.0.0 0.0.0.0 RouterOutside 1

As allready mentined before the static has the wrong syntax !!

Example for outside to inside NAT, for example to access a Web Server:

access-list outside permit tcp any host 192.168.1.100 eq www

access-group outside in interface outside

static (inside,outside) PublicIP InsideIP netmask 255.255.255.255

sincerely

Patrick

0 Helpful

brzuromski
Level 1
Level 1
In response to Patrick Iseli

‎09-30-2005 04:47 AM

I was trying to stay away from using NAT. Is it required I use NAT for the PIX to function properly?

0 Helpful

renil_lambert
Level 1
Level 1
In response to brzuromski

‎09-30-2005 05:30 AM

its not required to nat if its a directly connected network,

http://www.cisco.com/warp/public/556/nat-cisco.shtml

route add would be enough..

this might help u.

renil

0 Helpful
Customers Also Viewed These Support Documents