Oh yeah....I forgot to mention that if you want to ping the world from your LAN, you'll also need to add an outside access list, like:
access-list acl_outside permit icmp any any echo-reply access-group acl_outside in interface outside Sorry about leaving that out of the first message. Craig At 02:24 PM 7/14/2002 +0000, you wrote: >Team, >I just got my new baby Pix 501 (wow...how small it is, it looks like a >toy)....Below is my configuration, my problem is that Pat does not seems to >be able to work, I have cable-modem and they only provided one ip, I am able >to ping from the firewall to any pc on my LAN, I am able to ping from the >firewall to any ip on the Internet but I am not able to ping from any PC on >my LAN to any ip on the Internet, Be aware that this id the first time I am >using a Cisco Firewall, This morning I got the book Cisco Secure PIX >Firewall. Your help is very appreciated as always.......Another question, >The ios on this baby is the same on the high end firewalls, If I am able to >learn as much as my brain can take will I be able to configure a high-end >pix and feel comfortable..... > > >Thanks, (What I am doing wrong......) > > >JB > >pixfirewall# show config >: Saved >: >PIX Version 6.1(1) >nameif ethernet0 outside security0 >nameif ethernet1 inside security100 >enable password MTz0ptrM4U8gsjGv encrypted >passwd 2KFQnbNIdI.2KYOU encrypted >hostname pixfirewall >fixup protocol ftp 21 >fixup protocol http 80 >fixup protocol h323 1720 >fixup protocol rsh 514 >fixup protocol rtsp 554 >fixup protocol smtp 25 >fixup protocol sqlnet 1521 >fixup protocol sip 5060 >fixup protocol skinny 2000 >names >pager lines 24 >interface ethernet0 10baset >interface ethernet1 10full >mtu outside 1500 >mtu inside 1500 >ip address outside dhcp setroute >ip address inside 192.168.74.11 255.255.255.0 >ip audit info action alarm >ip audit attack action alarm >pdm logging informational 100 >pdm history enable >arp timeout 14400 >global (outside) 1 interface >nat (inside) 1 0.0.0.0 0.0.0.0 0 0 >timeout xlate 0:05:00 >timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 >0:05:00 sip 0:30:00 sip_media 0:02:00 >timeout uauth 0:05:00 absolute >aaa-server TACACS+ protocol tacacs+ >aaa-server RADIUS protocol radius >http server enable >http 192.168.74.11 255.255.255.0 inside >no snmp-server location >no snmp-server contact >snmp-server community public >no snmp-server enable traps >floodguard enable >no sysopt route dnat >telnet timeout 5 >ssh timeout 5 >dhcpd auto_config outside >terminal width 80 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48773&t=48760 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]