Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX Version 7.0(2) - very strange problem

HI All,

i have a pix 515 with two ethernet port.

Problem: Pix work good but if i reload pix, inside network not access in internet (outside), if i reconfigure global and nat parameter it work correctly.

If there are error in my configuration , where is?

This is my sample configuration:


: Saved

: Written by enable_15 at 19:11:42.266 GMT Wed Sep 28 2005

PIX Version 7.0(2)


name IperRouter

name IperSwitch1

name RouterISPTelecom

name LocalLAN


interface Ethernet0

description Interfaccia Interna LOCAL

nameif inside

security-level 100

ip address


interface Ethernet1

description Interfaccia Esterna PUBBLIC

nameif outside

security-level 0

ip address


enable password xxxx

passwd xxxx

hostname PIXFW


ftp mode passive

clock timezone GMT 1

object-group service USER-SERVICE tcp

port-object eq www

port-object eq domain

port-object eq https

access-list inside_out extended permit tcp any object-group USER-SERVICE

pager lines 24

mtu inside 1500

mtu outside 1500

no failover

monitor-interface inside

monitor-interface outside

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1

route outside RouterISPTelecom 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

username xxxx password xxxxx privilege 15

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp

telnet inside

telnet timeout 60

ssh timeout 5

console timeout 0


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp


service-policy global_policy global


: end


Cisco Employee

Re: PIX Version 7.0(2) - very strange problem

the config seems right. collect some syslog messages when it is failing (before you reconfigure the nat/global)



CreatePlease login to create content