03-12-2002 02:35 PM - edited 02-20-2020 10:00 PM
Here is the scenerio I need some 'eyes' on...
I've got a Pix 515 with the following ip addresses:
ip address outside 192.168.0.171 255.255.240.0
ip address inside 172.16.22.170 255.255.240.0
I have an ISP provided router with an assigned ip address (interface toward my network-inside) of 172.16.22.172 255.255.240.0
My inside WAN addresses are 172.x.x.x based, the PIX is connected to the router which is intern connected to the Internet.
I can't get the PIX to 'see' the Internet. Is this obvious or is an I looking at this too close? Since the PIX can't have the same network in both the inside and outside interfaces, I need to change the IP address on the router interface to something like 192.168.0.172 255.255.240.0 correct? ALso, what subnet mask should I be using on the outside interface? Does it matter?
PIX Config:
PIX Version 6.1(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 3S3gttdMHHpYY1g1 encrypted
passwd V91cv.FNALxoWU9j encrypted
hostname Madrid
domain-name prpa.org
fixup protocol ftp 21
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol http 80
names
pager lines 54
logging on
logging host inside 172.16.24.48
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 192.168.0.171 255.255.240.0
ip address inside 172.16.22.170 255.255.240.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 7200
nat (inside) 1 172.0.0.0 255.255.0.0 0 0
conduit permit tcp host 208.134.161.0 range 8194 8294 any
conduit permit udp host 208.134.161.0 range 48129 48192 any
conduit permit tcp host 205.183.246.0 range 8194 8294 any
conduit permit udp host 205.183.246.0 range 48129 48192 any
conduit permit tcp host 199.105.176.0 range 8194 8294 any
conduit permit udp host 199.105.176.0 range 48129 48192 any
conduit permit tcp host 199.105.184.0 range 8194 8294 any
conduit permit udp host 199.105.184.0 range 48129 48192 any
conduit permit icmp any any
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media
0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 172.16.16.0 255.255.240.0 inside
telnet timeout 7
ssh timeout 5
terminal width 80
Cryptochecksum:60dfd17b91b517c302f7dfd3bd46f4c5
Madrid#
03-12-2002 09:14 PM
Hi,
1.The Pix outside and the rooouter inside should be in the same network ie 192.x.x.x 255.x.x.x
2.I dont see any route statement in your pix conf.Please add the routing statements
you should be through
All the best!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: