Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Pix 501 cannot connect access any pc's outside.

I am setting 1st time Pix 501 with 10 user 3DES product. I used the wizard to setup. Very simple. But does not work.

My PC is a part of a big private network. without the firewall, I can access everything including the internet outside my subnet.

Outside network ID: 10.10.13.0

Gateway: 10.10.1.1

DNS 1: 10.10.1.10

DNS2: 10.10.2.10

If I set IP address of my computer to 10.10.13.5, it works just fine. I can connect to Internet, and ping other PCs.

Now I create a separate private network as:

Network ID: 192.168.1.0

Internal Gateway for all PCs: 192.168.1.1

IP Address for my PIX 501 (Internal) 192.168.1.1/24

IP Address for my PIX 501 (External) 10.10.13.1/16

Gateway address for External: 10.10.1.1

With this setup, and all the defaults, it does not ping or http outside the firewall. I even tried PAT, NAT, and No Translation. I even allowed all ICMP packets, but it won't work.

Cisco documentation says, it has default configuration to provide easy setup with all the necessary setting to allow for home office usage, then why wouldn't it work for me?

Thanks for replaying.

5 REPLIES
New Member

Re: Pix 501 cannot connect access any pc's outside.

Did you setup your nat and global?

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

This will allow all internal addresses to be pat'ed to the outside interfaces IP address.

New Member

Re: Pix 501 cannot connect access any pc's outside.

1)check your routing entry in pix config.

2)debug icmp trace and see whether there is any deny.

richard

New Member

Re: Pix 501 cannot connect access any pc's outside.

1. My routing entry is:

route outside 0.0.0.0 0.0.0.0 10.10.1.1 1

2. I haven't done "debug icmp trace", I read somewhere that be carefull when running, hence I didn't wanted more trouble than I was. What is the syntax, is that what I key in the CLI window?

New Member

Re: Pix 501 cannot connect access any pc's outside.

My config does include (however my nat is slightly different than yours, look at extra zero's on mine, what they are I don't know):

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

New Member

Re: Pix 501 cannot connect access any pc's outside.

hi,

For ICMP test:

1) access-list ping_test permit icmp any any

access-group ping_test in interface inside

2) From your PIX, can you ping the default gateway, 10.10.1.1?

3a) Enable icmp( #1),

3b) debug icmp trace ( this is the command for debugging icmp)

then from any inside pc, ping the default gateway. Check icmp trace in the PIX console.

richard

198
Views
0
Helpful
5
Replies
CreatePlease to create content