Try to see what happens with the following changes

Remove:
ip address outside 192.168.2.14 255.255.255.252
nat (inside) 0 216.6.24.0 255.255.255.0 0 0
static (inside,outside) 192.168.2.0 216.6.24.0 netmask 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.2.13 1
route inside 216.6.24.128 255.255.255.192 216.6.24.129 1

add:
ip address outside 192.168.2.14 255.255.255.0
global (outside) 1 192.168.2.16-192.168.2.32
global (outside) 1 192.168.2.15 netmask 5.255.0 ---------------->for PAT
nat (inside) 1 0 0
route outside 0.0.0.0 0.0.0.0 192.168.2.13 1

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/examples.htm#xtocid137951

Murtaza

----- Original Message -----
From: "Avi"
To:
Sent: Friday, April 05, 2002 6:30 AM
Subject: Question on PIX !!! [7:40489]

> Hi,
>
> I am facing a problem on PIX 515 as described below.
> Firewall: Cisco PIX 515
> Firewall Software Version: 4.4(7)
>
> PIX setup:
> ----------
>
>        Host            Mail Server
>   216.6.24.130        216.6.24.185    (216.6.24.0 => Public Addresses /
>                                        Valid Internet Addresses)
>        |                   |
>        ---------------------
>                  |
>                  |
>                  |
>                  | - 216.6.24.130 255.255.255.192
>                 PIX
>                  | - 192.168.2.14 /30
>                  |
>                  |
>                  | - 192.168.2.14 /30
>                Inside
>                Router
>                  | - 192.168.2.6 /30
>                  |
>                  |
>                  | - 192.168.2.5 /30
>                 ISP
>                Router
>                  |
>                  |         |------------ Proxy   192.118.52.54
>                  |         |             Server
>        ----------------------------|
>        |         |         |        |
>
>
> PIX Configuration:
> --------------------
>
> PIX Version 4.4(7)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd AoM2ZahaIYl9kEoj encrypted
> hostname nungunungu
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> pager lines 24
> logging on
> no logging timestamp
> no logging console
> no logging monitor
> no logging buffered
> no logging trap
> logging facility 20
> logging queue 512
> interface ethernet0 auto
> interface ethernet1 100basetx
> mtu outside 1500
> mtu inside 1500
> ip address outside 192.168.2.14 255.255.255.252
> ip address inside 216.6.24.129 255.255.255.192
> no failover
> failover timeout 0:00:00
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> arp timeout 14400
> nat (inside) 0 216.6.24.0 255.255.255.0 0 0
> static (inside,outside) 192.168.2.0 216.6.24.0 netmask 255.255.255.0 0 0
> conduit permit tcp host 216.6.24.177 eq smtp any
> conduit permit tcp host 216.6.24.186 eq smtp any
> conduit permit tcp any host 192.118.52.54 eq www
> conduit permit icmp any any
> conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp
> conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp-data
> conduit permit tcp host 216.6.24.185 host 216.6.24.40 eq smtp
> conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq smtp
> conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq smtp
> conduit permit tcp host 216.6.24.185 host 216.6.24.19 eq 5001
> conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq 5001
> conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq 5001
> conduit permit tcp host 216.6.24.184 host 216.6.24.21 eq 3306
> conduit permit tcp host 216.6.24.184 host 216.6.24.28 eq 3306
> conduit permit tcp host 216.6.24.10 eq domain any
> conduit permit tcp host 192.118.52.54 eq 8080 any
> conduit permit tcp host 192.118.52.54 eq 3180 any
> conduit permit tcp host 192.118.52.54 eq www any
> no rip outside passive
> no rip outside default
> no rip inside passive
> no rip inside default
> route outside 0.0.0.0 0.0.0.0 192.168.2.13 1
> route inside 216.6.24.128 255.255.255.192 216.6.24.129 1
> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community mic-test-03
> no snmp-server enable traps
> telnet 216.6.24.16 255.255.255.255
> telnet timeout 15
> terminal width 80
>
>
> PROBLEM:
> --------------
>
> From host 216.6.24.130 I am able to ping inside interface of the PIX but I
> am not able to ping the outside interface, nor am I able to ping the inside
> router. Sitting on the PIX I am able to ping the inside host 216.6.24.130
> and the servers, also I am able to ping ISP router and the Proxy server at
> ISP premises.
>
> Why is my inside host not able to go beyond the inside interface of PIX ?
> Have I missed on some configuration or have I typed certain command wrongly.
> As 216.6.24.0 network are valid ip addresses so I don't want to use NAT.
>
> Kindly assist me on this.
>
> Thanxs & Rgds,
> Avi.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40660&t=40489
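Added example, not part of the original thread: a short Python check that reads the address, translation and route lines quoted above and reports two things, whether each translated (static/global) address lies inside the connected subnet of the interface it is presented on, and whether a route names one of the firewall's own interface addresses as its gateway. The function name `lint` and both checks are this example's own assumptions, not Cisco tooling; the configuration lines are copied from the two messages.

```python
import ipaddress

# Lines copied from the thread. The PAT "global" line is left out because its
# netmask is garbled in the archived message.
ORIGINAL = """\
ip address outside 192.168.2.14 255.255.255.252
ip address inside 216.6.24.129 255.255.255.192
static (inside,outside) 192.168.2.0 216.6.24.0 netmask 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.2.13 1
route inside 216.6.24.128 255.255.255.192 216.6.24.129 1
"""
SUGGESTED = """\
ip address outside 192.168.2.14 255.255.255.0
ip address inside 216.6.24.129 255.255.255.192
global (outside) 1 192.168.2.16-192.168.2.32
nat (inside) 1 0 0
route outside 0.0.0.0 0.0.0.0 192.168.2.13 1
"""

def lint(config):
    """Hypothetical helper: list translated addresses and routes worth a second look."""
    words = [line.split() for line in config.splitlines() if line.strip()]
    # Pass 1: interface name -> address/mask, e.g. outside -> 192.168.2.14/30
    ifaces = {w[2]: ipaddress.ip_interface(f"{w[3]}/{w[4]}")
              for w in words if w[:2] == ["ip", "address"]}
    findings = []
    for w in words:
        if w[0] == "static":
            # static (local_if,global_if) <global> <local> netmask <mask>
            gif = w[1].strip("()").split(",")[1]
            net = ipaddress.ip_network(f"{w[2]}/{w[5]}")
            if not net.subnet_of(ifaces[gif].network):
                findings.append(f"static global {net} is not inside {gif} subnet {ifaces[gif].network}")
        elif w[0] == "global":
            # global (if) <nat_id> <first>[-<last>]
            gif = w[1].strip("()")
            for addr in w[3].split("-"):
                if ipaddress.ip_address(addr) not in ifaces[gif].network:
                    findings.append(f"global {addr} is not inside {gif} subnet {ifaces[gif].network}")
        elif w[0] == "route":
            # route <if> <dest> <mask> <gateway> <metric>
            if any(ipaddress.ip_address(w[4]) == i.ip for i in ifaces.values()):
                findings.append(f"route {w[2]} {w[3]} uses the firewall's own address {w[4]} as gateway")
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, lint(cfg) or "no findings")
```

On the original lines it reports the static's global range 192.168.2.0/24 against the outside subnet 192.168.2.12/30 and the `route inside` entry; on the suggested lines it reports nothing, since the pool 192.168.2.16-192.168.2.32 sits inside the widened outside subnet.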