Re: traffic can't cross pix [7:6895]
Thanks a lot for everybody's help. I did clear xlate changed following command as suggested by Rick I think that fixed the problem. It is really strange...!!! I changed original command global (outside) 1 interface to new command global (outside) 1 212.19.133.230 --- Gareth Hinton wrote: Hi Pat, Just so you don't think you're being ignored, I've sifted through every line, as much as anything to convert myself to the newer commands for the pix. I'm stuck as well. Can't see anything wrong with the config. I take it you already did a clear xlate/reload. What does show xlate give you. Let us know the outcome. Gaz pat wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have this problem. I can't ping anything outside the pix from machines inside. Pix inside IP is the default gateway for all the machines they can ping the gateway. I can also ping outside world from pix. What is causing this problem...? I have pasted pix configs below. this is new pix it never worked before. I have seen identical pix configs working earlier. thanks_ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set standard esp-des esp-md5-hmac crypto map peer_map 10 ipsec-isakmp crypto map peer_map 10 match address 102 crypto map peer_map 10 set peer 212.46.19.194 crypto map peer_map 10 set transform-set standard isakmp enable outside isakmp key l9k834 address 212.46.19.194 netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 3600 telnet 192.168.0.0 255.255.255.0 inside telnet timeout 15 terminal width 80 __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface
traffic can't cross pix [7:6895]
I have this problem. I can't ping anything outside the pix from machines inside. Pix inside IP is the default gateway for all the machines they can ping the gateway. I can also ping outside world from pix. What is causing this problem...? I have pasted pix configs below. this is new pix it never worked before. I have seen identical pix configs working earlier. thanks_ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set standard esp-des esp-md5-hmac crypto map peer_map 10 ipsec-isakmp crypto map peer_map 10 match address 102 crypto map peer_map 10 set peer 212.46.19.194 crypto map peer_map 10 set transform-set standard isakmp enable outside isakmp key l9k834 address 212.46.19.194 netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 3600 telnet 192.168.0.0 255.255.255.0 inside telnet timeout 15 terminal width 80 __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection
Re: traffic can't cross pix [7:6895]
Hi Pat, Just so you don't think you're being ignored, I've sifted through every line, as much as anything to convert myself to the newer commands for the pix. I'm stuck as well. Can't see anything wrong with the config. I take it you already did a clear xlate/reload. What does show xlate give you. Let us know the outcome. Gaz pat wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have this problem. I can't ping anything outside the pix from machines inside. Pix inside IP is the default gateway for all the machines they can ping the gateway. I can also ping outside world from pix. What is causing this problem...? I have pasted pix configs below. this is new pix it never worked before. I have seen identical pix configs working earlier. thanks_ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set standard esp-des esp-md5-hmac crypto map peer_map 10 ipsec-isakmp crypto map peer_map 10 match address 102 crypto map peer_map 10 set peer 212.46.19.194 crypto map peer_map 10 set transform-set standard isakmp enable outside isakmp key l9k834 address 212.46.19.194 netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 3600 telnet 192.168.0.0 255.255.255.0 inside telnet timeout 15 terminal width 80 __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0
Re: traffic can't cross pix [7:6895]
HI Call TAC or search CCO. There is an ICMP bug in the 5.2 and 5.3 code. This _might_ be the problem. HTH -- John Hardman CCNP MCSE pat wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have this problem. I can't ping anything outside the pix from machines inside. Pix inside IP is the default gateway for all the machines they can ping the gateway. I can also ping outside world from pix. What is causing this problem...? I have pasted pix configs below. this is new pix it never worked before. I have seen identical pix configs working earlier. thanks_ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set standard esp-des esp-md5-hmac crypto map peer_map 10 ipsec-isakmp crypto map peer_map 10 match address 102 crypto map peer_map 10 set peer 212.46.19.194 crypto map peer_map 10 set transform-set standard isakmp enable outside isakmp key l9k834 address 212.46.19.194 netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 3600 telnet 192.168.0.0 255.255.255.0 inside telnet timeout 15 terminal width 80 __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00
Re: traffic can't cross pix [7:6895]
Hello Pat, I concur with Gaz.the config looks fine. We are running the same version of finesse on some our PIX 515's with similar configs, and can pass icmp traffic. By adding the line permit icmp any anyit punches a hole in the ACA and allows the echo reply back in. I would try, as suggested by Gaz, clear xlate. Also, to make sure translation isn't failing and to watch the icmp traffic: debug icmp trace. Thanks, Mike Nygard pat wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have this problem. I can't ping anything outside the pix from machines inside. Pix inside IP is the default gateway for all the machines they can ping the gateway. I can also ping outside world from pix. What is causing this problem...? I have pasted pix configs below. this is new pix it never worked before. I have seen identical pix configs working earlier. thanks_ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.228 192.168.0.3 netmask 255.255.255.255 0 0 static (inside,outside) 212.19.133.231 192.168.0.4 netmask 255.255.255.255 0 0 access-group check in interface outside route outside 0.0.0.0 0.0.0.0 212.19.133.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec no sysopt route dnat crypto ipsec transform-set standard esp-des esp-md5-hmac crypto map peer_map 10 ipsec-isakmp crypto map peer_map 10 match address 102 crypto map peer_map 10 set peer 212.46.19.194 crypto map peer_map 10 set transform-set standard isakmp enable outside isakmp key l9k834 address 212.46.19.194 netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 1 isakmp policy 10 lifetime 3600 telnet 192.168.0.0 255.255.255.0 inside telnet timeout 15 terminal width 80 __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ PIX Version 5.2(3) nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pix-con fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 names access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list check permit tcp any host 212.19.133.231 eq www access-list check permit tcp any host 212.19.133.227 eq smtp access-list check permit tcp any host 212.19.133.228 eq pop3 access-list check permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor logging buffered warnings no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 212.19.133.226 255.255.255.240 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 192.168.0.0 255.255.255.0 0 0 static (inside,outside) 212.19.133.227 192.168.0.2