I get an ping and traceRT response from both the inside and outside interfaces of the 501 but can’t seem to get similar response from the ADSL Gateway Router. Hence there is no connectivity to the internet from internal clients.

What am I doing wrong, please help?

Building configuration...

: Saved


PIX Version 6.1(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall


fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000


name PDC_Server01

name Mail_Server03

access-list outside_access_in permit icmp any any

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside

ip address inside

ip audit info action alarm

ip audit attack action alarm

pdm location Mail_Server03 inside

pdm location PDC_Server01 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0 0

static (inside,outside) Mail_Server03 netmask 0 0

static (inside,outside) PDC_Server01 netmask 0 0

access-group outside_access_in in interface outside

route outside 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

no floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80


: end


Have you tried to put an access list on the inside interface and appy it with the access group command like you have on the outside interface. Yout probably going to be permitting all IP leaving the PIX so "access-list inside permit ip any any" should work.


