Avi,

Sounds like your ISP router and inside router might not have a route to
216.6.24.130 255.255.255.192. (I am assuming you have a default route on
your 216.6.24.130 network devices pointing to inside IP of the PIX,
therefore your devices should be able to get to the inside router).

Check/post your inside router ip routing table.

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.optsys.net (Cisco hardware)


"Avi" wrote in message news:[EMAIL PROTECTED]...
> Hi,
>
> I am facing a problem on PIX 515 as described below.
> Firewall: Cisco PIX 515
> Firewall Software Version: 4.4(7)
>
> PIX setup:
> ----------
>
>     Host                   Mail Server
> 216.6.24.130       216.6.24.185  (216.6.24.0 => Public AddressesValid
> Internet Addresses)
>          |                           |
>          -------------------
>                         |
>                         |
>                         |
>                         | - 216.6.24.130   255.255.255.192
>                      PIX
>                         | - 192.168.2.14 /30
>                         |
>                         |
>                         | - 192.168.2.14 /30
>                     Inside
>                    Router
>                         | - 192.168.2.6 /30
>                         |
>                         |
>                         | - 192.168.2.5 /30
>                       ISP
>                     Router
>                         |
>                         |                     |------------ Proxy
> 192.118.52.54
>                         |                     |                  Server
>     ----------------------------|
>     |        |                 |               |
>
>
>
> PIX Configuration:
> --------------------
>
> PIX Version 4.4(7)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd AoM2ZahaIYl9kEoj encrypted
> hostname nungunungu
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> pager lines 24
> logging on
> no logging timestamp
> no logging console
> no logging monitor
> no logging buffered
> no logging trap
> logging facility 20
> logging queue 512
> interface ethernet0 auto
> interface ethernet1 100basetx
> mtu outside 1500
> mtu inside 1500
> ip address outside 192.168.2.14 255.255.255.252
> ip address inside 216.6.24.129 255.255.255.192
> no failover
> failover timeout 0:00:00
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> arp timeout 14400
> nat (inside) 0 216.6.24.0 255.255.255.0 0 0
> static (inside,outside) 192.168.2.0 216.6.24.0 netmask 255.255.255.0 0 0
> conduit permit tcp host 216.6.24.177 eq smtp any
> conduit permit tcp host 216.6.24.186 eq smtp any
> conduit permit tcp any host 192.118.52.54 eq www
> conduit permit icmp any any
> conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp
> conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp-data
> conduit permit tcp host 216.6.24.185 host 216.6.24.40 eq smtp
> conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq smtp
> conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq smtp
> conduit permit tcp host 216.6.24.185 host 216.6.24.19 eq 5001
> conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq 5001
> conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq 5001
> conduit permit tcp host 216.6.24.184 host 216.6.24.21 eq 3306
> conduit permit tcp host 216.6.24.184 host 216.6.24.28 eq 3306
> conduit permit tcp host 216.6.24.10 eq domain any
> conduit permit tcp host 192.118.52.54 eq 8080 any
> conduit permit tcp host 192.118.52.54 eq 3180 any
> conduit permit tcp host 192.118.52.54 eq www any
> no rip outside passive
> no rip outside default
> no rip inside passive
> no rip inside default
> route outside 0.0.0.0 0.0.0.0 192.168.2.13 1
> route inside 216.6.24.128 255.255.255.192 216.6.24.129 1
> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community mic-test-03
> no snmp-server enable traps
> telnet 216.6.24.16 255.255.255.255
> telnet timeout 15
> terminal width 80
>
>
> PROBLEM:
> --------------
>
> From host 216.6.24.130 I am able to ping inside interface of the PIX but I
> am not able to ping the outside interface, nor am I able to ping the inside
> router. Sitting on the PIX I am able to ping the inside host 216.6.24.130
> and the servers, also I am able to ping ISP router and the Proxy server at
> ISP premises.
>
> Why is my inside host not able to go beyond the inside interface of PIX?
> Have I missed on some configuration or have I typed certain command wrongly?
> As 216.6.24.0 network are valid IP addresses so I don't want to use NAT.
>
> Kindly assist me on this.
>
> Thanxs & Rgds,
> Avi.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40588&t=40489
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
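
The return-route check suggested in the reply, as an added example that is not part of the original thread: it reads the PIX interface addresses from the posted configuration and does a longest-prefix lookup in the inside router's static routes to see where traffic for 216.6.24.130 is sent. The router route lines are constructed (the thread never shows them), and the check assumes inside addresses reach the router untranslated, as the poster intends.

```python
import ipaddress

# Lines copied from the PIX configuration posted in the thread.
PIX_CONFIG = """\
ip address outside 192.168.2.14 255.255.255.252
ip address inside 216.6.24.129 255.255.255.192
"""

# Constructed inside-router static routes (assumption: IOS "ip route" syntax).
ROUTER_DEFAULT_ONLY = "ip route 0.0.0.0 0.0.0.0 192.168.2.5\n"
ROUTER_WITH_RETURN = ROUTER_DEFAULT_ONLY + (
    "ip route 216.6.24.128 255.255.255.192 192.168.2.14\n")


def pix_interfaces(config):
    """Map PIX interface name -> IPv4Interface from 'ip address' lines."""
    out = {}
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "address"] and len(f) == 5:
            out[f[2]] = ipaddress.ip_interface(f"{f[3]}/{f[4]}")
    return out


def static_routes(config):
    """Parse 'ip route <prefix> <mask> <next-hop>' lines into (network, hop)."""
    routes = []
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "route"] and len(f) >= 5:
            routes.append((ipaddress.ip_network(f"{f[2]}/{f[3]}"),
                           ipaddress.ip_address(f[4])))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in routes if dst in net]
    return max(hits)[1] if hits else None


def return_path_ok(pix_config, router_config, host):
    """True if the router forwards traffic for an inside host to the PIX outside IP."""
    ifs = pix_interfaces(pix_config)
    if ipaddress.ip_address(host) not in ifs["inside"].network:
        raise ValueError(f"{host} is not on the PIX inside network")
    return next_hop(static_routes(router_config), host) == ifs["outside"].ip
```

With only a default route, replies to 216.6.24.130 follow it toward the ISP router instead of back to the PIX; the specific /26 route is what makes the check pass.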
