Cisco Support Community
New Member

Pix FW 515E - Cannot ping outside interfaces

I am configuring FW 515E. Attached is the config file.

Cat 4510R ---->FW 515E ----> ISP Router

Cat 4510 has five vlans on it

1) From a host on the network I can only ping the inside interface. I cannot ping the outside.

2) From the firewall console I am able to ping both INSIDE and OUTSIDE without any problem.

3) I cannot get to the internet from inside. No browsing.

Can anyone please help? I have to get this firewall up and running by the end of tomorrow.

8 REPLIES
New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Hi, you have to change the NAT commands as below, and if you want to ping the outside interface of the PIX then you should use the ICMP permit any any outside command.

global (outside) 2 A.B.C.D-A.B.C.Z netmask 255.255.C.D

global (outside) 1 A.B.C.C netmask 255.255.C.D

nat (inside) 2 192.168.4.0 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0

Please do rate if it helps.

Ninja

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Hi Ninja,

Thank you very much for the reply. Attached is my network diagram. I have total of 5 vlans (including mgmt vlan). Do I need to add nat & global for each vlan? How will I do it? I want to use one global pool for all of them? Can you please let me know?

Thank you,

Mili

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Hi Mili, configure NAT this way:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

It will NAT the IPs from all VLANs to the outside interface IP. If you want to define a pool of addresses, then replace interface with the pool of public IPs.

If it helps, please do rate this post.

Ninja

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Remember, if you are doing NAT on the firewall then don't do NAT on the router.

Ninja

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Router belongs to ISP. I don't think they are doing NAT.

I changed my nat

nat(inside)1 192.168.4.0 255.55.255.0 A.B.C.D

nat(inside)1 192.168.5.0 255.55.255.0 A.B.C.D

nat(inside)1 192.168.98.0 255.55.255.0 A.B.C.D

nat(inside)1 192.168.99.0 255.55.255.0 A.B.C.D

Now, problem is all the networks except .98 can access internet. I am not sure what is going on.

On switch cat4510 R there are no policies or access lists.

Nothing on the firewall also. Why would .98 not work and all other work?

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Mili, I suggest you do dynamic NAT instead of static NAT (pool); just give it a try with

global (outside) 1 interface

nat(inside)1 192.168.4.0 255.55.255.0 A.B.C.D

nat(inside)1 192.168.5.0 255.55.255.0 A.B.C.D

nat(inside)1 192.168.98.0 255.55.255.0 A.B.C.D

nat(inside)1 192.168.99.0 255.55.255.0 A.B.C.D

nat(inside) 1 192.168.1.0 255.255.255.0 A.B.C.D

Try it out.

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Another way of doing it is to just define a global statement with your pool of IPs, and in the nat statements you can define it as below

nat(inside) 1 192.168.0.0 255.255.0.0

So this nat will include all the networks which you have inside the PIX.

Thanks

Whichever works, configure that.

Ninja

New Member

Re: Pix FW 515E - Cannot ping outside interfaces

Hi Ninja,

All the suggestions that you suggested are workable.

Excellent input. Thank you so much for your help !!!

-Mili
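
The nat/global pairing discussed in this thread can be checked offline before a config is loaded. The following is an added example, not code from any poster or from Cisco: it parses `nat` and `global` lines, flags a mask that is not a contiguous netmask (255.55.255.0, as typed in some posts above, is one), flags a nat id with no `global` of the same id, and lists inside subnets that no working nat line covers. The function name `audit`, the sample configs and the /24 VLAN masks are assumptions made for the illustration.

```python
import ipaddress
import re

# Lenient on spacing: the posts write both "nat (inside) 1" and "nat(inside)1".
LINE = re.compile(r"^(nat|global)\s*\((\w+)\)\s*(\d+)\s+(\S+)(?:\s+(\S+))?")

def audit(config, inside_subnets):
    """Return (findings, uncovered) for the nat/global lines of a PIX config."""
    nats, global_ids, findings = [], set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue
        kind, _iface, nat_id, arg1, arg2 = m.groups()
        if kind == "global":
            global_ids.add(nat_id)
            continue
        try:
            # Rejects non-contiguous masks and addresses with host bits set.
            net = ipaddress.ip_network(f"{arg1}/{arg2}", strict=True)
        except ValueError as exc:
            findings.append(f"invalid nat network/mask: {line} ({exc})")
            continue
        nats.append((nat_id, net))
    # nat id 0 (identity NAT) needs no global; any other id does.
    usable = global_ids | {"0"}
    for nat_id in sorted({i for i, _ in nats} - usable):
        findings.append(f"nat id {nat_id} has no matching global statement")
    nets = [n for i, n in nats if i in usable]
    uncovered = [s for s in inside_subnets
                 if not any(ipaddress.ip_network(s).subnet_of(n) for n in nets)]
    return findings, uncovered

# Constructed sample: subnets named in the thread, /24 masks assumed.
VLANS = ["192.168.4.0/24", "192.168.5.0/24", "192.168.98.0/24", "192.168.99.0/24"]
PER_VLAN = """global (outside) 1 interface
nat (inside) 1 192.168.4.0 255.255.255.0
nat (inside) 1 192.168.5.0 255.255.255.0
nat (inside) 1 192.168.98.0 255.55.255.0
nat (inside) 2 192.168.99.0 255.255.255.0"""
SUPERNET = """global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.0.0"""

if __name__ == "__main__":
    for name, cfg in (("per-vlan", PER_VLAN), ("supernet", SUPERNET)):
        print(name, audit(cfg, VLANS))
```

The check only matches nat ids against global ids; it does not model access lists, routing on the switch, or the ISP router.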
