Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
936
Views
0
Helpful
5
Replies

Pix 501 cannot connect access any pc's outside.

bikmann
Level 1
Level 1

‎02-16-2003 01:12 PM - edited ‎02-20-2020 10:33 PM

I am setting 1st time Pix 501 with 10 user 3DES product. I used the wizard to setup. Very simple. But does not work.

My PC is a part of a big private network. without the firewall, I can access everything including the internet outside my subnet.

Outside network ID: 10.10.13.0

Gateway: 10.10.1.1

DNS 1: 10.10.1.10

DNS2: 10.10.2.10

If I set IP address of my computer to 10.10.13.5, it works just fine. I can connect to Internet, and ping other PCs.

Now I create a separate private network as:

Network ID: 192.168.1.0

Internal Gateway for all PCs: 192.168.1.1

IP Address for my PIX 501 (Internal) 192.168.1.1/24

IP Address for my PIX 501 (External) 10.10.13.1/16

Gateway address for External: 10.10.1.1

With this setup, and all the defaults, it does not ping or http outside the firewall. I even tried PAT, NAT, and No Translation. I even allowed all ICMP packets, but it won't work.

Cisco documentation says, it has default configuration to provide easy setup with all the necessary setting to allow for home office usage, then why wouldn't it work for me?

Thanks for replaying.

0 Helpful
5 Replies 5

rmorrow
Level 1
Level 1

‎02-16-2003 02:13 PM

Did you setup your nat and global?

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

This will allow all internal addresses to be pat'ed to the outside interfaces IP address.

0 Helpful

gomesrichard
Level 1
Level 1
In response to rmorrow

‎02-17-2003 09:04 AM

1)check your routing entry in pix config.

2)debug icmp trace and see whether there is any deny.

richard

0 Helpful

bikmann
Level 1
Level 1
In response to gomesrichard

‎02-17-2003 09:16 AM

1. My routing entry is:

route outside 0.0.0.0 0.0.0.0 10.10.1.1 1

2. I haven't done "debug icmp trace", I read somewhere that be carefull when running, hence I didn't wanted more trouble than I was. What is the syntax, is that what I key in the CLI window?

0 Helpful

bikmann
Level 1
Level 1
In response to rmorrow

‎02-17-2003 09:11 AM

My config does include (however my nat is slightly different than yours, look at extra zero's on mine, what they are I don't know):

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

0 Helpful

gomesrichard
Level 1
Level 1
In response to bikmann

‎02-17-2003 08:21 PM

hi,

For ICMP test:

1) access-list ping_test permit icmp any any

access-group ping_test in interface inside

2) From your PIX, can you ping the default gateway, 10.10.1.1?

3a) Enable icmp( #1),

3b) debug icmp trace ( this is the command for debugging icmp)

then from any inside pc, ping the default gateway. Check icmp trace in the PIX console.

richard

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card