  1. #1
    detjo

    No internet thru Cisco PIX 506e

    I have a Cisco PIX 506e that has been reset and basic configuration has been entered.
    Problem is, I can't get on the web thru it.
    I have trawled the net looking for help and no matter what I try it doesn't seem to fix the problem.
    Here is my running config ... can anyone see what the problem is?

    Code:
    PIX Version 6.3(4)
    interface ethernet0 100full
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    hostname DnetPIX
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 192.168.1.3 255.255.255.0
    ip address inside 192.168.113.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.113.5 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 192.168.113.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+ 
    aaa-server TACACS+ max-failed-attempts 3 
    aaa-server TACACS+ deadtime 10 
    aaa-server RADIUS protocol radius 
    aaa-server RADIUS max-failed-attempts 3 
    aaa-server RADIUS deadtime 10 
    aaa-server LOCAL protocol local 
    http server enable
    http 192.168.113.5 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
    : end
    [OK]

  2. #2
    cpjitservices
    First of all, you have NAT set up; make sure your settings are correct, because to me it looks like there could be a setting off. I haven't actually worked on Pixies before, as we have a dedicated security man for the job, BUT

    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 192.168.113.1 1
    Reading your config, it looks like you are trying to NAT to the same device.

    For example:

    ip address inside 192.168.113.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.113.5 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 192.168.113.1 1

    See, your IP inside is 192.168.113.1 255.255.255.0, but you are trying to route to route outside 0.0.0.0 0.0.0.0 192.168.113.1 1, so it looks like it is trying to route to itself rather than the outbound Internet router. And also nat (inside) 1 0.0.0.0 0.0.0.0 0 0.

    The way I would try is:

    ip address outside 192.168.1.3 255.255.255.0
    ip address inside 192.168.113.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.113.5 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 192.168.113.1 192.168.1.3 0 0
    route outside 192.168.1.3 192.168.113.1

    But then I don't touch that kind of thing, 'cause I was 100% with this but have forgotten quite a lot. I'd try it anyway and see.

    I'm not sure Pixies can route the same way the dedicated routers can; I'm sure the PIX is packet Internet Exchange, which basically means it's a hardware firewall rather than an actual router.

    Best of Luck.

  3. #3
    cpjitservices
    Actually, I have just noticed that you haven't got any ACLs set on your interfaces. You need ACLs, as this is like a set of rules which the PIX will follow, permitting or denying by IP.

    Hope this helps.

  4. Thanks to cpjitservices from:

    detjo (3rd February 2011)

  5. #4

    Quote Originally Posted by detjo View Post
    I have a Cisco PIX 506e that has been reset and basic configuration has been entered.
    Problem is, I can't get on the web thru it.
    I have trawled the net looking for help and no matter what I try it doesn't seem to fix the problem.
    Here is my running config ... can anyone see what the problem is?
    Code:
    [snip]
    
    ip address outside 192.168.1.3 255.255.255.0
    ip address inside 192.168.113.1 255.255.255.0
    
    [snip]
    
    route outside 0.0.0.0 0.0.0.0 192.168.113.1 1
    This last statement is the default route on PIXen - at the moment it looks as if this is set to a device on the internal network, rather than the address of the router for your internet connection.

    If the address of your router is 192.168.1.254, then change the route statement to be

    route outside 0.0.0.0 0.0.0.0 192.168.1.254

  6. Thanks to Duck_Fat from:

    detjo (3rd February 2011)
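
The default-route problem pointed out in #4, as an added example that is not part of any post in this thread: a small Python check that reads the `ip address` and `route` lines of a PIX 6.x config and flags a gateway that is one of the firewall's own addresses or is not on the subnet of the interface the route names. The function name and the sample text (three lines copied from the config in #1) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the three relevant lines from the config posted in #1.
SAMPLE_CONFIG = """\
ip address outside 192.168.1.3 255.255.255.0
ip address inside 192.168.113.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.113.1 1
"""

# Static addresses only; "ip address outside dhcp ..." lines are skipped.
IP_RE = re.compile(r"^ip address (\S+) (\d[\d.]+) (\d[\d.]+)\s*$")
# route <if_name> <dest> <mask> <gateway> [metric]
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\d[\d.]+)(?: \d+)?\s*$")


def check_routes(config):
    """Return one finding per route whose gateway cannot work as a next hop."""
    interfaces = {}  # interface name -> ipaddress.IPv4Interface
    routes = []
    for line in config.splitlines():
        line = line.strip()
        m = IP_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            interfaces[name] = ipaddress.ip_interface(f"{addr}/{mask}")
            continue
        m = ROUTE_RE.match(line)
        if m:
            routes.append(m.groups())

    findings = []
    for ifname, dest, mask, gw in routes:
        gateway = ipaddress.ip_address(gw)
        label = f"route {ifname} {dest} {mask} {gw}"
        if ifname not in interfaces:
            findings.append(f"{label}: no static ip address for {ifname}")
            continue
        owners = [n for n, i in interfaces.items() if i.ip == gateway]
        if owners:
            findings.append(f"{label}: gateway is the firewall's own {owners[0]} address")
        elif gateway not in interfaces[ifname].network:
            findings.append(
                f"{label}: gateway is not on the {ifname} subnet {interfaces[ifname].network}")
    return findings


if __name__ == "__main__":
    for finding in check_routes(SAMPLE_CONFIG):
        print(finding)
```
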
