Firewall Wizards mailing list archives
RE: PIX 520 Help.....
From: "Sonya Gilly" <sgilly () servicom2000 com>
Date: Tue, 21 Aug 2001 13:46:43 +0200
Hello Ross,

In the "global (outside) 1" command you need to configure the public IP address you will use when going to the Internet, something similar to the following:

global (outside) 1 65.8.165.xx

As Pixes can't do NAT with their own IP address, you will need an additional address.

Hope this helps,
Sonya

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of R. Corona
Sent: Monday, August 20, 2001 15:05
To: firewall-wizards () nfr com
Subject: [fw-wiz] PIX 520 Help.....

Hello,

Could anyone offer me a bit of advice? I have a PIX-520 (PIX OS ver 5.1(2)) that I'm trying to get set up in a home lab (a work in progress). Here is a rough diagram of my humble network topology.

Computer --------> Switch ---------> PIX 520 -----------> Internet
192.168.1.25       no assigned IP    inside 192.168.1.1    65.8.168.1
255.255.255.0                        255.255.255.0         255.255.255.0
                                     outside 65.8.168.98
                                     255.255.255.0

I'm trying to be able to access the internet via NAT from my 192.168.1.25 box. If I try pinging outside to the net I get no reply whatsoever. I am able to ping the PIX inside interface (192.168.1.1) from my box (192.168.1.25). I'm also able to ping from my PIX (192.168.1.1) to my box (192.168.1.25). Furthermore, when I console into the PIX unit I can ping the internet (via outside interface) with no problems.

I've copied my write t & icmp debug trace below, in hopes that someone may be able to see what's keeping this from working.

----------------------------------
pixfirewall(config)# wr t
Building configuration...
: Saved
:
PIX Version 5.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security75
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_in permit icmp any any
access-list acl_out permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
mtu dmz2 1500
ip address outside 65.8.165.98 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz1 192.168.2.1 255.255.255.0
ip address dmz2 192.168.3.1 255.255.255.0
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz1 0.0.0.0
failover ip address dmz2 0.0.0.0
arp timeout 14400
global (outside) 1 192.168.1.10-192.168.1.100 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 65.8.234.1 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname
telnet timeout 5
terminal width 80
Cryptochecksum:f7e04a2f1b968e9d4be1ece9ef53fdd9
: end
[OK]
--------------------------
Debug icmp trace command

Outbound ICMP echo request (len 32 id 2 seq 3072) 192.168.1.25 > 192.168.1.10 > 4.2.2.1
Outbound ICMP echo request (len 32 id 2 seq 3328) 192.168.1.25 > 192.168.1.10 > 4.2.2.1
Outbound ICMP echo request (len 32 id 2 seq 3584) 192.168.1.25 > 192.168.1.10 > 4.2.2.1
--------------------------

If there's any other info that'd be helpful tell me please, I'll provide it. Everyone, I really appreciate your help....

Thanks a lot,
Ross

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
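
The check described in the reply above, as an added example that is not part of the original thread: a small Python linter that reads the `ip address` and `global` lines of a PIX configuration and flags a translation pool that overlaps another interface's network, is not publicly routable, or includes the interface's own address. The function names are hypothetical, and `65.8.165.99` is a constructed stand-in for the address the reply leaves as `xx`.

```python
import ipaddress
import re

# Constructed sample: the address, global and nat lines from the quoted config.
BROKEN = """\
ip address outside 65.8.165.98 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 192.168.1.10-192.168.1.100 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""
# Constructed: same lines with a one-address pool from the outside subnet
# (.99 is a placeholder for the host part the reply elides as "xx").
FIXED = BROKEN.replace("192.168.1.10-192.168.1.100", "65.8.165.99")

IP = r"(\d+\.\d+\.\d+\.\d+)"

def interfaces(config):
    """Map interface name -> IPv4Interface from 'ip address <if> <ip> <mask>'."""
    found = re.findall(rf"^ip address (\S+) {IP} {IP}\s*$", config, re.M)
    return {n: ipaddress.ip_interface(f"{a}/{m}") for n, a, m in found}

def global_pools(config):
    """Yield (interface, nat_id, first, last) for each 'global' statement."""
    pat = rf"^global \((\S+)\) (\d+) {IP}(?:-{IP})?"
    for name, nat_id, first, last in re.findall(pat, config, re.M):
        lo = ipaddress.ip_address(first)
        yield name, int(nat_id), lo, ipaddress.ip_address(last or first)

def check_global_pools(config):
    """Return a list of findings about the translated-address pools."""
    ifaces, findings = interfaces(config), []
    for name, nat_id, lo, hi in global_pools(config):
        tag = f"global ({name}) {nat_id}"
        for other, iface in ifaces.items():
            if other != name and (lo in iface.network or hi in iface.network):
                findings.append(f"{tag}: pool overlaps {other} network {iface.network}")
        if lo.is_private or hi.is_private:  # Python's view of non-public ranges
            findings.append(f"{tag}: pool is not publicly routable")
        if name in ifaces and lo <= ifaces[name].ip <= hi:
            findings.append(f"{tag}: pool includes the interface's own address")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_global_pools(cfg) or "no findings")
```

The overlap finding matches the debug trace in the quoted message, where 192.168.1.25 is translated to 192.168.1.10, an address from the inside network.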