Good to do a "show interface" to make sure they are up. Might want to do a "conduit permit icmp any any" to do some ping tests. I'm assuming that your outside interface is reachable from the Internet. Verified?
> -----Original Message-----
> From: Symon Thurlow [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 12, 2003 7:57 PM
> To: [EMAIL PROTECTED]
> Subject: Learning PIX [7:60919]
>
>
> Hi guys,
>
> I have begun to study the PIX. I have had exposure to them recently, through a couple of 515e's, and had no problem configuring them (with PDM...). I have plenty of Firewall experience, but very little with PIX.
>
> I now have a 520 with a 2MB flash card that I am using for study. This machine came with the 5.1(2) code, so no PDM. This is good, as I want to learn to configure and troubleshoot them via command line anyway.
>
> I am following a Cisco Press PIX book, just to cut my teeth and start to learn the commands. I have 3 interfaces in the 520.
>
> I have created a very simple configuration, that should allow anyone internally to get access to the Internet, globally nating to one valid address. I want to get this working before getting in to more detail.
>
> When I try to gain access to the Internet through the PIX, it does not work. I have put a packet sniffer on the external segment and can not see any traffic coming from the PIX. If I do a show xlate I see nothing. I am sending debug info to a SYSLOG server, but again see nothing (except for when I wr mem etc).
>
> I have pasted the config below, can any of you see where I might be going wrong. I have tried a few different ways to make this happen, even copying sample configs from CCO, but I can't seem to make it work.
>
> I am not looking for the answer, more a helping hand to point me in the right direction.
>
> Cheers,
>
> Symon
>
> PIX Version 5.1(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 DMZ security50
> enable password xxxxx
> passwd xxxxx
> hostname PIX1E
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> pager lines 24
> logging on
> logging timestamp
> no logging standby
> logging console debugging
> logging monitor debugging
> logging buffered debugging
> logging trap debugging
> logging history debugging
> logging facility 20
> logging queue 512
> logging host inside 172.16.1.56
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto shutdown
> mtu outside 1500
> mtu inside 1500
> mtu DMZ 1500
> ip address outside 217.204.228.199 255.255.255.240
> ip address inside 172.16.1.151 255.255.255.0
> ip address DMZ 127.0.0.1 255.255.255.255
> no failover
> failover timeout 0:00:00
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address DMZ 0.0.0.0
> arp timeout 14400
> global (outside) 1 217.204.228.201
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> route outside 0.0.0.0 0.0.0.0 217.204.228.193 1
> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> isakmp identity hostname
> telnet 172.16.1.0 255.255.255.0 inside
> telnet 172.16.1.0 255.255.255.0 DMZ
> telnet timeout 15
> terminal width 80
> Cryptochecksum:a83be0bed7aa987b7341550e07870a51

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60960&t=60919
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
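
The following is an added example, not part of either message: a Python check of the static consistency of the quoted configuration (NAT id paired with a global id, global address and default gateway on the outside subnet, no NAT or route through a shut-down interface). The function name `audit` and the trimmed `SAMPLE` are assumptions made here, and only literal addresses in `global` and `route` lines are handled.

```python
import ipaddress

# Constructed sample: the addressing, NAT and route lines of the quoted config.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
ip address outside 217.204.228.199 255.255.255.240
ip address inside 172.16.1.151 255.255.255.0
global (outside) 1 217.204.228.201
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 217.204.228.193 1
"""

def audit(config):
    """Static consistency checks; returns a list of findings (empty = none)."""
    name_of, down, nets, nats, globals_, routes = {}, set(), {}, [], [], []
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["nameif"]:
            name_of[w[1]] = w[2]                      # ethernet0 -> outside
        elif w[:1] == ["interface"] and "shutdown" in w:
            down.add(w[1])
        elif w[:2] == ["ip", "address"]:
            nets[w[2]] = ipaddress.ip_network(f"{w[3]}/{w[4]}", strict=False)
        elif w[:1] == ["global"]:                     # global (if) id addr[-addr]
            globals_.append((w[1].strip("()"), w[2], w[3].split("-")[0]))
        elif w[:1] == ["nat"]:                        # nat (if) id net mask ...
            nats.append((w[1].strip("()"), w[2]))
        elif w[:1] == ["route"]:                      # route if net mask gateway
            routes.append((w[1], w[4]))
    down_names = {name_of.get(hw, hw) for hw in down}
    findings = []
    for ifc, nat_id in nats:
        if nat_id != "0" and nat_id not in {g[1] for g in globals_}:
            findings.append(f"nat id {nat_id} on {ifc} has no matching global")
    for kind, ifc, addr in ([("global", g[0], g[2]) for g in globals_]
                            + [("route gateway", r[0], r[1]) for r in routes]):
        if ifc not in nets or ipaddress.ip_address(addr) not in nets[ifc]:
            findings.append(f"{kind} {addr} is not on the {ifc} subnet")
    for ifc in {n[0] for n in nats} | {g[0] for g in globals_} | {r[0] for r in routes}:
        if ifc in down_names:
            findings.append(f"{ifc} is used for NAT or routing but is shut down")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no static inconsistencies found")
```

An empty result only covers what the text of the configuration shows; link state still has to be read from "show interface" on the device, as the reply suggests.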