Thanks Everyone,

I thought that the pix would automatically assign dns servers to the clients 
if you have dhcpd auto turned on on the outside interface. I was wrong. I 
manually added dhcp to one client and ..BANG!! I was on google.com..LOL..
I then configured dhcpd on the inside interface with a private pool and all 
is well.. Thank you all.. I couldn't have done it w/o you..I guess the 
outside interface doesn't care about dns..
Oh yeah -- no need for route outside statement..I did a show route and 
'setroute' is doing his job just fine..

-Kevin


>From: Craig Columbus 
>To: "Kevin O'Gilvie" 
>CC: [EMAIL PROTECTED]
>Subject: Re: Can get it to work (Pix 515 behind cable modem [7:49744]
>Date: Fri, 26 Jul 2002 12:09:50 -0400
>
>Kevin,
>
>Kim's right...  If you've posted your entire config, then you've not opened
>any ports.  By default, the PIX won't allow traffic through.  You have to
>specifically enable what you want.
>Create an access list and apply it to the inside interface:
>
>access-list acl_inside permit ip any any
>access-group acl_inside in interface inside
>
>Craig
>
>
>
>
>
>At 03:49 PM 7/26/2002 +0000, you wrote:
>>hi Kim,
>>
>>Thanks for your advice, I'll try it..
>>
>>-Kevin
>>
>> >From: Kim Graham
>> >To: "Kevin O'Gilvie" ,
>> >Subject: Re: Can get it to work (Pix 515 behind cable modem) [7:49744]
>> >Date: Fri, 26 Jul 2002 7:34:51 -0400
>> >
>> >I am new to the pix so please verify these entries before you try them
>> >(older version of pix) you need to add conduit statements.  This version of
>> >PIX (6.2(2)) may be able to use access lists so check on that prior to
>> >putting in the conduits.  Once you have entered the conduit statements
>> >clear the xlate and then try to initiate a session to the outside world.
>> >(show conduit, show xlate, clear xlate)
>> >
>> >example:
>> >conduit permit icmp any any
>> >conduit permit tcp any any eq www
>> >
>> >Kim
>> >
>> > >
>> > > From: "Kevin O'Gilvie"
>> > > Date: 2002/07/26 Fri AM 01:20:23 EDT
>> > > To: [EMAIL PROTECTED]
>> > > Subject: Can get it to work (Pix 515 behind cable modem) [7:49744]
>> > >
>> > > Dear All,
>> > >
>> > > Below is my config.
>> > > Can someone tell me why clients on the inside interface can't get to the
>> > > internet (browse, ping, nothing)
>> > > Yet show xlate shows clients Pat(ing) to outside address..
>> > > I am so frustrated, don't know what's the issue???!!!
>> > >
>> > > PIX Version 6.2(2)
>> > > nameif ethernet0 outside security0
>> > > nameif ethernet1 inside security100
>> > > nameif ethernet2 dmz security50
>> > > enable password 8Ry2YjIyt7RRXU24 encrypted
>> > > passwd 2KFQnbNIdI.2KYOU encrypted
>> > > hostname pixfirewall
>> > > fixup protocol ftp 21
>> > > fixup protocol http 80
>> > > fixup protocol h323 h225 1720
>> > > fixup protocol h323 ras 1718-1719
>> > > fixup protocol ils 389
>> > > fixup protocol rsh 514
>> > > fixup protocol rtsp 554
>> > > fixup protocol sqlnet 1521
>> > > fixup protocol sip 5060
>> > > fixup protocol skinny 2000
>> > > no fixup protocol smtp 25
>> > > names
>> > > pager lines 24
>> > > logging on
>> > > logging trap debugging
>> > > logging host inside 192.168.0.2
>> > > interface ethernet0 100full
>> > > interface ethernet1 100full
>> > > interface ethernet2 100full
>> > > mtu outside 1500
>> > > mtu inside 1500
>> > > mtu dmz 1500
>> > > ip address outside dhcp setroute
>> > > ip address inside 192.168.0.1 255.255.255.0
>> > > ip address dmz 127.0.0.1 255.255.255.255
>> > > ip audit info action alarm
>> > > ip audit attack action alarm
>> > > pdm history enable
>> > > arp timeout 14400
>> > > global (outside) 1 interface
>> > > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
>> > > timeout xlate 0:30:00
>> > > timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
>> > > timeout uauth 0:05:00 absolute
>> > > aaa-server TACACS+ protocol tacacs+
>> > > aaa-server RADIUS protocol radius
>> > > aaa-server LOCAL protocol local
>> > > no snmp-server location
>> > > no snmp-server contact
>> > > snmp-server community public
>> > > no snmp-server enable traps
>> > > floodguard enable
>> > > sysopt connection permit-ipsec
>> > > sysopt connection permit-pptp
>> > > no sysopt route dnat
>> > > telnet 192.168.0.2 255.255.255.255 inside
>> > > telnet timeout 60
>> > > ssh timeout 5
>> > > dhcpd auto_config outside
>> > > terminal width 80
>> > > Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea
>> > > : end
>> > > [OK]
>> > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49977&t=49744
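
Added example (not part of the original thread, and not Cisco code): a small Python check over the NAT and `dhcpd` statements of the config quoted above, reproducing what Kevin reports, namely that clients were translated (`show xlate`) but received no DNS servers until `dhcpd` served the inside interface. The function names, finding strings and the pool range in `FIXED` are assumptions made for illustration.

```python
import re

# Constructed sample: the address, NAT and dhcpd lines from the config quoted in the thread.
POSTED = """\
ip address outside dhcp setroute
ip address inside 192.168.0.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
dhcpd auto_config outside
"""
# Constructed "after" state; the pool range is an assumed value, not from the thread.
FIXED = POSTED + "dhcpd address 192.168.0.10-192.168.0.40 inside\ndhcpd enable inside\n"

NO_NAT = "no nat/global pair: inside hosts are not translated"
NO_DHCPD = "dhcpd has no pool or is not enabled on the interface"
NO_DNS = "clients receive no DNS servers from the PIX"

def parse(config):
    """Collect the statements that decide whether inside clients get NAT, a lease and DNS."""
    s = {"nat": set(), "global": set(), "pools": {}, "enabled": set(),
         "dns": [], "auto_config": None}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"nat \((\w+)\) (\d+) ", line):
            s["nat"].add((m.group(1), m.group(2)))
        elif m := re.match(r"global \((\w+)\) (\d+) ", line):
            s["global"].add(m.group(2))
        elif m := re.match(r"dhcpd address (\S+) (\w+)$", line):
            s["pools"][m.group(2)] = m.group(1)
        elif m := re.match(r"dhcpd enable (\w+)$", line):
            s["enabled"].add(m.group(1))
        elif m := re.match(r"dhcpd dns (.+)$", line):
            s["dns"] = m.group(1).split()
        elif m := re.match(r"dhcpd auto_config(?: (\w+))?$", line):
            s["auto_config"] = m.group(1) or "outside"
    return s

def audit(config, iface="inside"):
    """Return findings explaining why hosts behind `iface` cannot reach or resolve names."""
    s = parse(config)
    findings = []
    # nat id 0 is identity NAT and needs no matching global statement.
    nat_ids = {i for (ifc, i) in s["nat"] if ifc == iface and i != "0"}
    if not nat_ids & s["global"]:
        findings.append(NO_NAT)
    serving = iface in s["enabled"] and iface in s["pools"]
    if not serving:
        findings.append(NO_DHCPD)
    # auto_config or static dhcpd dns only reach clients if dhcpd is serving them.
    if not serving or not (s["dns"] or s["auto_config"]):
        findings.append(NO_DNS)
    return findings
```

`audit(POSTED)` reports the missing inside DHCP service and DNS while the NAT/global pair is present, which is consistent with translations appearing in `show xlate`; `audit(FIXED)` returns no findings.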