
New Member

PIX Version 7.0(2) - very strange problem

Hi all,

I have a PIX 515 with two Ethernet ports.

Problem: The PIX works fine, but if I reload the PIX, the inside network cannot access the Internet (outside). If I reconfigure the global and nat parameters, it works correctly.

If there is an error in my configuration, where is it?

This is my sample configuration:

*****************************************

: Saved
: Written by enable_15 at 19:11:42.266 GMT Wed Sep 28 2005
PIX Version 7.0(2)
names
name 192.168.149.1 IperRouter
name 192.168.149.2 IperSwitch1
name 10.10.10.1 RouterISPTelecom
name 192.168.0.0 LocalLAN
!
interface Ethernet0
 description Interfaccia Interna LOCAL
 nameif inside
 security-level 100
 ip address 192.168.149.3 255.255.255.128
!
interface Ethernet1
 description Interfaccia Esterna PUBBLIC
 nameif outside
 security-level 0
 ip address 10.10.10.10 255.255.255.0
!
enable password xxxx
passwd xxxx
hostname PIXFW
domain-name sample.com
ftp mode passive
clock timezone GMT 1
object-group service USER-SERVICE tcp
 port-object eq www
 port-object eq domain
 port-object eq https
access-list inside_out extended permit tcp 192.168.149.0 255.255.255.128 any object-group USER-SERVICE
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
monitor-interface inside
monitor-interface outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 RouterISPTelecom 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username xxxx password xxxxx privilege 15
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet 192.168.149.4 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:3feecbf2b67c2afd60867adbeec50c13
: end

*****************************************

1 REPLY
Cisco Employee

Re: PIX Version 7.0(2) - very strange problem

The config seems right. Collect some syslog messages when it is failing (before you reconfigure the nat/global).

Thanks

Nadeem
