Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1221
Views
0
Helpful
1
Replies

PIX 515 Setup Problem

smiths@prpa.org
Level 1
Level 1

‎03-12-2002 02:35 PM - edited ‎02-20-2020 10:00 PM

Here is the scenerio I need some 'eyes' on...

I've got a Pix 515 with the following ip addresses:

ip address outside 192.168.0.171 255.255.240.0

ip address inside 172.16.22.170 255.255.240.0

I have an ISP provided router with an assigned ip address (interface toward my network-inside) of 172.16.22.172 255.255.240.0

My inside WAN addresses are 172.x.x.x based, the PIX is connected to the router which is intern connected to the Internet.

I can't get the PIX to 'see' the Internet. Is this obvious or is an I looking at this too close? Since the PIX can't have the same network in both the inside and outside interfaces, I need to change the IP address on the router interface to something like 192.168.0.172 255.255.240.0 correct? ALso, what subnet mask should I be using on the outside interface? Does it matter?

PIX Config:

PIX Version 6.1(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 3S3gttdMHHpYY1g1 encrypted

passwd V91cv.FNALxoWU9j encrypted

hostname Madrid

domain-name prpa.org

fixup protocol ftp 21

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

fixup protocol http 80

names

pager lines 54

logging on

logging host inside 172.16.24.48

interface ethernet0 auto

interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside 192.168.0.171 255.255.240.0

ip address inside 172.16.22.170 255.255.240.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 7200

nat (inside) 1 172.0.0.0 255.255.0.0 0 0

conduit permit tcp host 208.134.161.0 range 8194 8294 any

conduit permit udp host 208.134.161.0 range 48129 48192 any

conduit permit tcp host 205.183.246.0 range 8194 8294 any

conduit permit udp host 205.183.246.0 range 48129 48192 any

conduit permit tcp host 199.105.176.0 range 8194 8294 any

conduit permit udp host 199.105.176.0 range 48129 48192 any

conduit permit tcp host 199.105.184.0 range 8194 8294 any

conduit permit udp host 199.105.184.0 range 48129 48192 any

conduit permit icmp any any

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media

0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet 172.16.16.0 255.255.240.0 inside

telnet timeout 7

ssh timeout 5

terminal width 80

Cryptochecksum:60dfd17b91b517c302f7dfd3bd46f4c5

Madrid#

0 Helpful
1 Reply 1

s-ariga
Level 1
Level 1

‎03-12-2002 09:14 PM

Hi,

1.The Pix outside and the rooouter inside should be in the same network ie 192.x.x.x 255.x.x.x

2.I dont see any route statement in your pix conf.Please add the routing statements

you should be through

All the best!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card