Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 cannot ping outside

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

Hi,

This is my PIX configuration:

wr term

Building configuration...

: Saved

:

PIX Version 6.1(3)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password --moderator edit-- encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname chqpix1

domain-name ciscopix.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list out_acc_in permit ip any any

pager lines 24

logging on

logging host inside 10.10.252.224

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 172.16.0.212 255.255.0.0

ip address inside 10.10.252.2 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location 172.16.0.0 255.255.0.0 outside

pdm location 192.168.0.0 255.255.0.0 inside

pdm location 0.0.0.0 255.255.255.0 inside

pdm location 176.16.0.0 255.255.0.0 outside

pdm location 172.16.0.0 255.255.0.0 inside

pdm location 0.0.0.0 255.255.0.0 inside

pdm location 172.16.0.0 255.255.255.0 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group out_acc_in in interface outside

route outside 0.0.0.0 0.0.0.0 172.16.0.1 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323

0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt noproxyarp inside

no sysopt route dnat

telnet 10.10.252.0 255.255.255.0 inside

telnet timeout 20

ssh timeout 5

dhcpd address 192.168.1.2-192.168.1.129 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:d5b3e36ed3e65eeb5fe3f8806fa3c033: end [OK]

chqpix1#

chqpix1# sh inter e0

interface ethernet0 "outside" is up, line protocol is down

Hardware is i82559 ethernet, address is 000a.411e.f57e

IP address 172.16.0.212, subnet mask 255.255.0.0

MTU 1500 bytes, BW 10000 Kbit half duplex

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software

(0/0)

output queue (curr/max blocks): hardware (0/0) software (0/0)

chqpix1# sh inter e1

interface ethernet1 "inside" is up, line protocol is up

Hardware is i82559 ethernet, address is 000a.411e.f57f

IP address 10.10..252.3, subnet mask 255.255.255.0

MTU 1500 bytes, BW 10000 Kbit full duplex

13149 packets input, 1844530 bytes, 0 no buffer

Received 12621 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

626 packets output, 48407 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

input queue (curr/max blocks): hardware (128/128) software

(0/2)

output queue (curr/max blocks): hardware (1/2) software (0/1)

chqpix1#

Suddenly I can't ping to my default gateway 172.16.0.1, although it was working properly.

Thanks

Richard

4 REPLIES
Silver

Re: PIX 501 cannot ping outside

Hi Richard,

The problem is with the interface. Please look at the following output:

chqpix1# sh inter e0

interface ethernet0 "outside" is up, line protocol is down

Your e0 interface line protocol is down. Possible cause would be either the cable is incorrect or not plugged into the interface connector properly. So, first I would check to see the port condition on the other side of the cable like switch/router ports. If nothing seems to be wrong with the port on other end then I would try with a different cable.

Thanks,

Mynul

New Member

Re: PIX 501 cannot ping outside

Hi Mynul,

Thanks for your mail. Actually at that time I disconnected my UTP cable from the PIX. I had to connect my office people to the internet, so I used our proxy instead of PIX.

My setup is like this:

internet( cable modem)------->PIX------------>LAN , but now after facing problem, I changed it to:

inernet( cable modem)---------Proxy------------>LAN

It does not work if I again connect UTP cable to PIX's e0 interface. That was the origianl setup, for the time being I am using e0' s cable in the Proxy server.

That's why you saw line protocol is down.

Thanks

Richard

New Member

Re: PIX 501 cannot ping outside

I agree. We need to look first at what is causing your interface to be up down. When you say it's going to your lan I'm assuming a switch, is the speed and duplex the same on both side?, are you doing any vlans? But I would concentrate on solving the interface problem first then try to figure out the firewall issue.

New Member

Re: PIX 501 cannot ping outside

Hi,

Now, I have connected one stright utp cable with my PIX and cable modem. e0 is up now. But, still I cannot ping my default gateway( 172.16.0.1). Why?

Best regards

Richard

583
Views
0
Helpful
4
Replies
CreatePlease login to create content