Re: traffic can't cross pix [7:6895]

pat Wed, 06 Jun 2001 05:00:05 -0700
Thanks a lot for everybody's help.

I did clear xlate & changed  following command as
suggested by Rick & I think that fixed the problem. 

It is really strange...!!!

I changed original command 

global (outside) 1 interface

to new command

global (outside) 1 212.19.133.230 

 






--- Gareth Hinton 
wrote:
> Hi Pat,
> 
> Just so you don't think you're being ignored, I've
> sifted through every
> line, as much as anything to convert myself to the
> newer commands for the
> pix.
> I'm stuck as well. Can't see anything wrong with the
> config.
> I take it you already did a clear xlate/reload.
> What does show xlate give you.
> 
> Let us know the outcome.
> 
> Gaz
> 
> 
> 
> ""pat""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >    I have this problem. I can't ping anything
> outside
> > the pix from machines inside. Pix inside IP is the
> > default gateway for all the machines & they can
> ping
> > the gateway. I can also ping outside world from
> pix.
> > What is causing this problem...? I have pasted pix
> > configs below.  this is new pix & it never worked
> > before. I have seen identical pix configs working
> > earlier.
> >
> > thanks_
> >
> >
> >
> >
> > PIX Version 5.2(3)
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > hostname pix-con
> > fixup protocol ftp 21
> > fixup protocol http 80
> > fixup protocol h323 1720
> > fixup protocol rsh 514
> > fixup protocol smtp 25
> > fixup protocol sqlnet 1521
> > fixup protocol sip 5060
> > names
> > access-list 101 permit ip 192.168.0.0
> 255.255.255.0
> > 192.168.100.0 255.255.255.0
> > access-list 102 permit ip 192.168.0.0
> 255.255.255.0
> > 192.168.100.0 255.255.255.0
> > access-list check permit tcp any host
> 212.19.133.231
> > eq www
> > access-list check permit tcp any host
> 212.19.133.227
> > eq smtp
> > access-list check permit tcp any host
> 212.19.133.228
> > eq pop3
> > access-list check permit icmp any any
> > pager lines 24
> > logging on
> > no logging timestamp
> > no logging standby
> > no logging console
> > no logging monitor
> > logging buffered warnings
> > no logging trap
> > no logging history
> > logging facility 20
> > logging queue 512
> > interface ethernet0 auto
> > interface ethernet1 auto
> > mtu outside 1500
> > mtu inside 1500
> > ip address outside 212.19.133.226 255.255.255.240
> > ip address inside 192.168.0.1 255.255.255.0
> > ip audit info action alarm
> > ip audit attack action alarm
> > arp timeout 14400
> > global (outside) 1 interface
> > nat (inside) 0 access-list 101
> > nat (inside) 1 192.168.0.0 255.255.255.0 0 0
> > static (inside,outside) 212.19.133.227 192.168.0.2
> > netmask 255.255.255.255 0 0
> > static (inside,outside) 212.19.133.228 192.168.0.3
> > netmask 255.255.255.255 0 0
> > static (inside,outside) 212.19.133.231 192.168.0.4
> > netmask 255.255.255.255 0 0
> > access-group check in interface outside
> > route outside 0.0.0.0 0.0.0.0 212.19.133.225 1
> > timeout xlate 3:00:00
> > timeout conn 1:00:00 half-closed 0:10:00 udp
> 0:02:00
> > rpc 0:10:00 h323 0:05:00 si
> > p 0:30:00 sip_media 0:02:00
> > timeout uauth 0:05:00 absolute
> > aaa-server TACACS+ protocol tacacs+
> > aaa-server RADIUS protocol radius
> > no snmp-server location
> > no snmp-server contact
> > snmp-server community public
> > no snmp-server enable traps
> > floodguard enable
> > sysopt connection permit-ipsec
> > no sysopt route dnat
> > crypto ipsec transform-set standard esp-des
> > esp-md5-hmac
> > crypto map peer_map 10 ipsec-isakmp
> > crypto map peer_map 10 match address 102
> > crypto map peer_map 10 set peer 212.46.19.194
> > crypto map peer_map 10 set transform-set standard
> > isakmp enable outside
> > isakmp key l9k834 address 212.46.19.194 netmask
> > 255.255.255.255
> > isakmp identity address
> > isakmp policy 10 authentication pre-share
> > isakmp policy 10 encryption des
> > isakmp policy 10 hash md5
> > isakmp policy 10 group 1
> > isakmp policy 10 lifetime 3600
> > telnet 192.168.0.0 255.255.255.0 inside
> > telnet timeout 15
> > terminal width 80
> >
> >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get personalized email addresses from Yahoo! Mail
> - only $35
> > a year!  http://personal.mail.yahoo.com/
> > PIX Version 5.2(3)
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > hostname pix-con
> > fixup protocol ftp 21
> > fixup protocol http 80
> > fixup protocol h323 1720
> > fixup protocol rsh 514
> > fixup protocol smtp 25
> > fixup protocol sqlnet 1521
> > fixup protocol sip 5060
> > names
> > access-list 101 permit ip 192.168.0.0
> 255.255.255.0 192.168.100.0
> > 255.255.255.0
> > access-list 102 permit ip 192.168.0.0
> 255.255.255.0 192.168.100.0
> > 255.255.255.0
> > access-list check permit tcp any host
> 212.19.133.231 eq www
> > access-list check permit tcp any host
> 212.19.133.227 eq smtp
> > access-list check permit tcp any host
> 212.19.133.228 eq pop3
> > access-list check permit icmp any any
> > pager lines 24
> > logging on
> > no logging timestamp
> > no logging standby
> > no logging console
> > no logging monitor
> > logging buffered warnings
> > no logging trap
> > no logging history
> > logging facility 20
> > logging queue 512
> > interface ethernet0 auto
> > interface ethernet1 auto
> > mtu outside 1500
> > mtu inside 1500
> > ip address outside 212.19.133.226 255.255.255.240
> > ip address inside 192.168.0.1 255.255.255.0
> > ip audit info action alarm
> > ip audit attack action alarm
> > arp timeout 14400
> > global (outside) 1 interface
> > nat (inside) 0 access-list 101
> > nat (inside) 1 192.168.0.0 255.255.255.0 0 0
> > static (inside,outside) 212.19.133.227 192.168.0.2
> netmask 255.255.255.255
> 0
> > 0
> > static (inside,outside) 212.19.133.228 192.168.0.3
> netmask 255.255.255.255
> 0
> > 0
> > static (inside,outside) 212.19.133.231 192.168.0.4
> netmask 255.255.255.255
> 0
> > 0
> > access-group check in interface outside
> > route outside 0.0.0.0 0.0.0.0 212.19.133.225 1
> > timeout xlate 3:00:00
> 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7300&t=6895
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: traffic can't cross pix [7:6895]

Reply via email to
