Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Browse Internet thru PIX

Is there a sample of a configuration for allowing a pc behind the PIX to browse the Internet??? I have tried Static, NAT and PAT and still cannot browse the Internet. With a static command I can access my remote PIX's with SSH

and I have no problem implementing VPN but allowing a pc behind the PIX to browse the Internet has me stumped.


Re: Browse Internet thru PIX

Browsing the internet requires multiple things to be working -

the pc has to be able to resolve the hostname to an ip address

the pc needs to be able to make a request to that ip address.

Instead of testing with a browser, try pinging the hostname. Ping will attempt to resolve the hostname for you:

Pinging [] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms blocks incoming ICMP echo request packets (ping), but we can see that will resolve to ip address (if you try it, you will likely get a different ip cuz cnn uses a massive collection of web servers for their site, and you get randomly sent to one of them).

So, you first need to make sure that dns name resolution is working. Then, you can try to diagnose connectivity.


New Member

Re: Browse Internet thru PIX

I got it working. I had just our Domain DNS server in the NIC so I put the DNS server addresses from my ISP in and connected right away ( after a re-boot) I already had the Default Gateway pointing to the inside of the PIX. I guess the clue should have been the syslog was showing no build of a outbound TCP

for the static IP I was using.

Thanks anyway for responding.