#1. NAT: If you want to get to the Internet, you'll need to NAT your IPs to something public. Your [nat inside (0)] statement tells the Pix not to NAT traffic for the 192.168.1.0/24 network. Instead, replace it with something like
nat (inside) 1 192.168.1.0 255.255.255.0
Now add a global statement to NAT the traffic to something public. You can use the Pix's outside interface if you would like.
global (outside) 1 interface
#2. ACLs: Your two access-lists don't actually accomplish anything as they are both the Pix's behavior by default. That is, allow all traffic on the inside interface going out and deny all traffic on the outside interface coming in. So just remove the inside interface ACL altogether and replace the outside ACL with something like this.
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any unreachables
access-list outside_access_in permit icmp any any time-exceeded
access-group outside_access_in in interface outside
The Pix does not do stateful inspection of ICMP traffic. Therefore, this access-list allows responses to ping requests from hosts on the outside to hosts on the inside. It will also allow ICMP unreachables in. The time-exceeded will permit traceroute to work going out to the internet. It should be noted that using this ACL will not allow hosts on the Internet to ping your hosts on the inside.
All other traffic started on the inside going out will automagically be let back in by the Pix due to its stateful inspection of the packets.
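Added example, not part of the original answer: a small Python check that reads PIX-style configuration text and reports the two wiring mistakes discussed above (a `nat` id with no matching `global`, and an `access-group` that names an undefined access-list). The `BEFORE` sample is constructed and assumes the original statement had the form `nat (inside) 0 <network> <mask>`; the `lint` function and its messages are hypothetical.

```python
import re

# Constructed sample: the situation the answer describes (nat id 0 on the
# inside network, no global statement). The exact original line is assumed.
BEFORE = "nat (inside) 0 192.168.1.0 255.255.255.0\n"

# The commands from the answer above.
AFTER = """\
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any unreachables
access-list outside_access_in permit icmp any any time-exceeded
access-group outside_access_in in interface outside
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
ACL_RE = re.compile(r"^access-list (\S+) ")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def lint(config):
    """Return findings for NAT/ACL wiring problems (ids matched by number only)."""
    nats, global_ids, acls, groups = [], set(), set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := GLOBAL_RE.match(line):
            global_ids.add(int(m.group(2)))
        elif m := ACL_RE.match(line):
            acls.add(m.group(1))
        elif m := GROUP_RE.match(line):
            groups.append((m.group(1), m.group(2)))
    findings = []
    for ifc, nat_id, net in nats:
        if nat_id == 0:  # id 0 means "do not translate", per the answer
            findings.append(f"nat ({ifc}) 0 {net}: traffic is not translated")
        elif nat_id not in global_ids:
            findings.append(f"nat ({ifc}) {nat_id} {net}: no global with id {nat_id}")
    for acl, ifc in groups:
        if acl not in acls:
            findings.append(f"access-group {acl} on {ifc}: access-list not defined")
    return findings
```

`lint(BEFORE)` reports the untranslated inside network, and `lint(AFTER)` returns an empty list.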