I was reading the CSPFF and CSPFA course notes earlier this week.  Just
started to pick up on PIX firewall.

My understanding is that a host cannot share the same IP address on the same
segment.  Therefore I thought I ought to use a different IP address for the
global statement.  You may want to try out Patrick Ramsey's configuration of
using the same outside IP address for the global statement.

As for the inside route, I wanted to maintain a single default route.
Furthermore, when you "sh route", there will be a route pointing to the
inside network.  That was how I came to the conclusion that you need to
change the global statement and remove the inside route statement.

cheekin

----- Original Message -----
From: "Pierre-Alex" 
To: "cheekin" ; 
Sent: Wednesday, August 08, 2001 23:35
Subject: RE: Can't ping outside of PIX [7:15205]---- FIXED


>
>
> I changed the global statement to another IP address and the PC was able to
> ping on the Internet.
>
> I also removed the inside route and the PC was still able to ping ...
>
> I am curious. Where did you find this information? I used:
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v4/pixcfg/pixcncfg.htm
>
> Pierre-Alex
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> cheekin
> Sent: Wednesday, August 08, 2001 8:27 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Can't ping outside of PIX [7:15205]
>
>
> I think you will need to give a different range of IP address for the global
> statement.  The global statement and the outside interface are using the
> same ip address.
>
> I also think that the route inside statement is not necessary in this case.
> You can use sh route to display the routing table.
>
> PIX gurus, correct me if I am wrong.
>
>
> cheekin
>
> ----- Original Message -----
> From: "Pierre-Alex"
> To:
> Sent: Wednesday, August 08, 2001 11:34
> Subject: Can't ping outside of PIX [7:15205]
>
>
> > I have spent all day on the problem below and I still can't see what I
> > did wrong.
> >
> > Can you help?
> >
> > The PC can ping the inside ip address of the firewall
> > The Firewall can ping the default-gateway and anything on the Internet
> > But I cannot get the PC to ping the outside IP address of the firewall
> > (208.136.247.214)
> > or anything outside like (206.26.90.8).
> >
> >
> > |PC|(1)----------(2)|PIX|(3)-----------------(4)--DSL MODEM
> >
> > PC (1): ip address 10.1.1.12
> >         subnet mask: 255.255.255.0
> >         default gateway: 10.1.1.10
> >
> > PIX (2): ip address 10.1.1.10
> >         subnet mask: 255.255.255.0
> >
> > PIX (3): ip address 208.136.247.214
> >         subnet mask: 255.255.255.0
> >
> > DSL MODEM (4): ip address 208.136.247.1
> >         subnet mask: 255.255.255.0
> >
> >
> >
> > PIX Version 4.0.7
> > enable password 8Ry2YjIyt7RRXU24 encrypted
> > passwd kIQggKv8.UiICW/r encrypted
> > hostname pixfirewall
> > failover
> > names
> > syslog output 20.3
> > no syslog console
> > interface ethernet outside 10baset
> > interface ethernet inside 10baset
> > ip address inside 10.1.1.10 255.255.255.0
> > ip address outside 208.136.247.214 255.255.255.0
> > arp timeout 14400
> > global 1 208.136.247.214-208.136.247.214
> > nat 1 0.0.0.0 0.0.0.0
> > age 10
> > no rip outside passive
> > no rip outside default
> > no rip inside passive
> > no rip inside default
> > route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
> > route inside  0.0.0.0 0.0.0.0 10.1.1.12
> > timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
> > timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
> > no snmp-server location
> > no snmp-server contact
> > mtu outside 1500
> > mtu inside 1500
> > : end
> > [OK]
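
The two conditions discussed in this thread (a global pool that includes the outside interface address, and a second default route on the inside interface) can be checked mechanically before a configuration is loaded. The Python below is an added example, not part of the original messages or of any Cisco tool; `check_pix_config` and its simplified parsing of the PIX 4.0 lines quoted above are assumptions made for illustration.

```python
import ipaddress

# Lines copied from the configuration quoted in this thread (PIX 4.0.7).
THREAD_CONFIG = """\
ip address inside 10.1.1.10 255.255.255.0
ip address outside 208.136.247.214 255.255.255.0
global 1 208.136.247.214-208.136.247.214
nat 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
route inside  0.0.0.0 0.0.0.0 10.1.1.12
"""


def check_pix_config(text):
    """Hypothetical helper: flag the two conditions discussed in the thread."""
    iface_ips = {}       # interface name -> configured address
    pools = []           # (nat id, first address, last address)
    default_routes = []  # (interface, gateway)
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) >= 4:
            iface_ips[tok[2]] = ipaddress.ip_address(tok[3])
        elif tok[:1] == ["global"] and len(tok) >= 3:
            first, _, last = tok[2].partition("-")
            pools.append((tok[1], ipaddress.ip_address(first),
                          ipaddress.ip_address(last or first)))
        elif tok[:1] == ["route"] and tok[2:4] == ["0.0.0.0", "0.0.0.0"] and len(tok) >= 5:
            default_routes.append((tok[1], tok[4]))

    findings = []
    # Check 1: a global (translation) pool that includes an interface address.
    for nat_id, lo, hi in pools:
        for name, ip in iface_ips.items():
            if lo <= ip <= hi:
                findings.append(f"global {nat_id} pool {lo}-{hi} includes "
                                f"the {name} interface address {ip}")
    # Check 2: more than one default route.
    if len(default_routes) > 1:
        routes = ", ".join(f"{i} via {g}" for i, g in default_routes)
        findings.append(f"{len(default_routes)} default routes: {routes}")
    return findings


if __name__ == "__main__":
    for finding in check_pix_config(THREAD_CONFIG):
        print("WARNING:", finding)
```

Run against the configuration from the first message, it reports both conditions; it reports nothing once the global pool uses a different address and the inside default route is removed.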



