02-09-2003 12:00 PM - edited 03-09-2019 02:01 AM
I can get out to the internet but the connections are not coming in, anyone have advice?
Here is my config
Building configuration...
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ClN1H8LxKWZjaQL6 encrypted
passwd ClN1H8LxKWZjaQL6 encrypted
hostname PiX
domain-name ns1.gorilla.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 101 permit icmp any any
access-list 101 permit tcp 192.168.1.0 255.255.255.0 any
access-list 101 permit udp 192.168.1.0 255.255.255.0 any
access-list 110 permit tcp any host 24.129.142.118 eq www
access-list 110 permit tcp any host 24.129.142.118 eq ftp
access-list 110 permit tcp any host 24.129.142.118 eq pop3
access-list 110 permit tcp any host 24.129.142.118 eq smtp
access-list 110 permit udp any host 24.129.142.118 eq domain
access-list 110 permit tcp any host 24.129.142.118 eq ident
no pager
logging on
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
interface ethernet0 auto
interface ethernet1 100full
mtu outside 1500
mtu inside 1500
ip address outside 24.129.142.118 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.50 255.255.255.255 inside
pdm location 192.168.1.5 255.255.255.255 inside
pdm location 0.0.0.0 255.255.255.252 outside
pdm location 192.168.1.5 255.255.255.255 outside
pdm logging notifications 500
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.1.5 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 192.168.1.5 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface domain 192.168.1.5 domain netmask 255.255.255.255 0 0
static (inside,outside) udp interface domain 192.168.1.5 domain netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.1.5 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ident 192.168.1.5 ident netmask 255.255.255.255 0 0
static (inside,outside) udp interface 113 192.168.1.5 113 netmask 255.255.255.255 0 0
static (outside,inside) tcp interface www 192.168.1.5 www netmask 255.255.255.255 0 0
access-group 110 in interface outside
rip outside passive version 1
rip inside default version 1
route outside 0.0.0.0 255.255.255.252 24.129.142.117 1
route outside 0.0.0.0 0.0.0.0 24.129.142.117 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authorization command LOCAL
http server enable
http 192.168.1.5 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.50 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 10
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
username ryan password icFEj5X32btgf670 encrypted privilege 15
privilege show level 0 command version
privilege show level 0 command curpriv
privilege show level 3 command pdm
privilege show level 3 command blocks
privilege show level 3 command ssh
privilege configure level 3 command who
privilege show level 3 command isakmp
privilege show level 3 command ipsec
privilege show level 3 command vpdn
privilege show level 3 command local-host
privilege show level 3 command interface
privilege show level 3 command ip
privilege configure level 3 command ping
privilege configure level 5 mode enable command configure
privilege show level 5 command running-config
privilege show level 5 command privilege
privilege show level 5 command clock
privilege show level 5 command ntp
terminal width 80
Cryptochecksum:5ccd5cebea09133bea27c368aba2d2db
: end
[OK]
02-11-2003 07:24 AM
192.168.1.5 can get out to the internet fine, that is a good point though :).
My most recent config is above.
If anyone has a config they would like to suggest I will wipe mine and try yours, but I still don't get why the one I have isn't working.
02-10-2003 04:43 PM
You have two static statements in there. The first one is correct and the second is incorrect. Get rid of the second one and then "cle xlate".
Bad--> static (outside,inside) tcp interface www 192.168.1.5 www netmask 255.255.255.255
02-10-2003 05:10 PM
That was removed a while ago, please refer to the most recent config that I placed, I've changed somethings.
Thank you for your help :)
-Ryan
02-11-2003 06:57 AM
Config looks fine. I would add deny any any at the end of ACL 110 to see if anything is being blocked in the log. You can also debug packets on the outside interface to look at traffic flow. Are there any hit counts on ACL 110? If not, traffic is not reaching the outside interface for those ports.
show xlate to view current translations and show conns for current connections.
02-11-2003 01:58 PM
Apparently it is working now, out of nowhere... I don't get it, but I called my cable company to check into it and they said they could resolve port 80 and saw the "pix is finally working"message.
I am unable to open http://24.129.142.118 from within the LAN but people tell me it works from outside, any ideas why it doesn't open internally? It will if I use the local IP but no the external one.
02-11-2003 02:04 PM
It's because the pix won't route a packet out of the interface it came in on.
Rgds
Kev
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: