traffic can't cross pix [7:6895]

Sat, 02 Jun 2001 10:55:41 -0700 

   I have this problem. I can't ping anything outside
the pix from machines inside. Pix inside IP is the
default gateway for all the machines & they can ping
the gateway. I can also ping outside world from pix.
What is causing this problem...? I have pasted pix
configs below.  this is new pix & it never worked
before. I have seen identical pix configs working
earlier.

thanks_




PIX Version 5.2(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix-con
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
access-list 101 permit ip 192.168.0.0 255.255.255.0
192.168.100.0 255.255.255.0
access-list 102 permit ip 192.168.0.0 255.255.255.0
192.168.100.0 255.255.255.0
access-list check permit tcp any host 212.19.133.231
eq www
access-list check permit tcp any host 212.19.133.227
eq smtp
access-list check permit tcp any host 212.19.133.228
eq pop3
access-list check permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered warnings
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 212.19.133.226 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
static (inside,outside) 212.19.133.227 192.168.0.2
netmask 255.255.255.255 0 0
static (inside,outside) 212.19.133.228 192.168.0.3
netmask 255.255.255.255 0 0
static (inside,outside) 212.19.133.231 192.168.0.4
netmask 255.255.255.255 0 0
access-group check in interface outside
route outside 0.0.0.0 0.0.0.0 212.19.133.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00
rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set standard esp-des
esp-md5-hmac
crypto map peer_map 10 ipsec-isakmp
crypto map peer_map 10 match address 102
crypto map peer_map 10 set peer 212.46.19.194
crypto map peer_map 10 set transform-set standard
isakmp enable outside
isakmp key l9k834 address 212.46.19.194 netmask
255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 3600
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 15
terminal width 80




__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/
PIX Version 5.2(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pix-con
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0
255.255.255.0
access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0
255.255.255.0
access-list check permit tcp any host 212.19.133.231 eq www
access-list check permit tcp any host 212.19.133.227 eq smtp
access-list check permit tcp any host 212.19.133.228 eq pop3
access-list check permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered warnings
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 212.19.133.226 255.255.255.240
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0
0
static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0
0
static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0
0
access-group check in interface outside
route outside 0.0.0.0 0.0.0.0 212.19.133.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set standard esp-des esp-md5-hmac
crypto map peer_map 10 ipsec-isakmp
crypto map peer_map 10 match address 102
crypto map peer_map 10 set peer 212.46.19.194
crypto map peer_map 10 set transform-set standard
isakmp enable outside
isakmp key l9k834 address 212.46.19.194 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 3600
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 15
terminal width 80




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6895&t=6895
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to