Hi,
the default gateway of the pc on your should should point to the INSIDE ip address of the pix (not the outside address)
Also the pix needs a default gateway. You should use the 'route' command to do this:
route outside 0.0.0.0 0.0.0.0 ip_address_of_default_gateway
I also ran the config through the cisco output interpreter tool and got these results:
--------------------------------------------------------------------------------
DISCLAIMER: This tool is provided as is and no guarantees are provided. The tool
may make suggestions to improve the security/performance of the PIX Firewall.
Any proposed changes to the configuration should be researched thoroughly and
tested in a lab environment if possible, and should be consistent with any
security policy you have in place. If you are still having problems, you should
contact a Cisco TAC engineer.
-------------------------------------------------------------------------------
WARNING: The enable password has not been set.
TRY THIS: Set the enable password with the 'enable password' configuration
command.
WARNING: A User level password (for TELNET access etc.) has not been set.
TRY THIS: Set the User level password with the 'passwd' configuration command.
WARNING: Make sure that you do NOT use 'cisco' as a password for access or
enable passwords.
TRY THIS: Set the regular password with the 'passwd' configuration command. Set
the enable password with the 'enable password' configuration command.
WARNING: The following 'static' statements do not appear to have a corresponding
'conduit' or 'access-list/access-group' pair:
static (inside,outside) 192.168.1.0 210.23.197.0 netmask 255.255.255.0 0 0
TRY THIS: Check that you require these static statements, and if so, consider
configuring an access-list/access-group pair (or conduit) for these statics.
WARNING: You have access-lists defined that are not applied in the configuration
with an 'access-group', 'crypto map', 'crypto dynamic-map', 'vpngroup {name}
split-tunnel' 'nat 0', 'aaa accounting match', 'aaa authentication match', or
'aaa authorization match' command:
access-list devping permit icmp any any
access-list devping permit ip host 192.168.1.1 any
TRY THIS: Make sure that these access-lists are required in your configuration.
(e.g. used for RADIUS authorization)
INFO: The following static statements reference an IP address that do not belong
to the same subnet as the referenced interface:
'static (inside, outside) 192.168.1.0 210.23.197.0 netmask 255.255.255.0'
references 'outside'
TRY THIS: If there is a router connected to the reference interface, it will
require static routes to the PIX for any non-connected subnet addresses.
INFO: Your 'Xlate' timeout is greater than 1 hour. The xlate timeout determines
the idle time until a translation slot is freed. You may increase system
performance by setting this timer to 1 hour with the configuration command,
'timeout xlate 1:00:00'.
Kind Regards,
Tom
