I have a Cisco PIX 501 firewall that I have problems setting up. No hosts on the inside can access the outside in any way. My old firewall didn't allow VPN and strangely enough I can get this to work on the new firewall. The firewall can ping and answer pings, but not the hosts. I have tried to configure the access-list according to instructions on the net but to no avail. Can anyone help?
The configuration after resetting and restoring basic information:
Can you confirm the kind of VPN you are trying to establish with this PIX firewall? Is it simple RAVPN clients forming the VPN connectivity with this PIX, or is it a point-to-point VPN connectivity with this PIX?
Also, the link which you have followed to configure the same, and the configuration with which the VPN and ping is successful.
Thanks everybody for the replies and your effort! It is greatly appreciated.
As requested I will elaborate. This is the configuration after a clean restart after which I have set up the basics. The hosts on the inside cannot get contact with the outside. As I mentioned the firewall can ping the world and vice versa.
My goals are primarily to get the firewall to work as one. I have a few servers I want to protect and make visible on the outside. Obviously these rules are not implemented yet.
Secondly I would like to make it possible to access the inside via VPN from home. It sounds like point to point, but I am unsure of any flavour differences? In some mysterious way I have gotten the VPN to work in previous attempts. Outside hosts have been able to log onto and access the inside. But for now that is not the problem. I think I can get it working again.
The outbound issue does occur independent of the VPN configuration or not. A VPN client connected could not connect with the outside.
This is the complete configuration as of now, and the inside hosts are unable to access the Internet.
One thought I have had is that the unit is faulty in some way? Should I send it in return?
Before throwing the firewall out, what are the basics for the hosts? You do not have ICMP enabled. Enable it from any to any for troubleshooting. Then, make sure the hosts can ping the firewall and can ping the router in front of the firewall. Make sure the workstations have a proper gateway of 192.168.1.1 /24. Make sure the workstations have proper DNS servers configured. Maybe they can access the Internet.