
pix 515E Help needed bad


  • pix 515E Help needed bad

    Here is my issue. I am new to the PIX and need to get this set up today. I can ping and traceroute to the outside world from the PIX. I can ping the PIX from my router. I can ping the PIX from my workstation, but I cannot reach the outside world from my workstation. Here is my config. Any help would be greatly appreciated.

    Thanks, Mike

    GA-PIX# sh run
    : Saved
    PIX Version 8.0(4)32
    hostname xx-PIX
    enable password 
    interface Ethernet0
     nameif outside
     security-level 0
     ip address
    interface Ethernet1
     nameif inside
     security-level 100
     ip address x.x.x.x
    banner login                          ****** W A R N I N G ******
    banner login                          AND WILL BE PROSECUTED BY LAW.
    banner login   By accessing this system, you agree that your actions may be monitored. This
    banner login computer system, including all related equipment, network devices, specifically
    banner login including Internet access, are provided only for authorized use.  All computer
    banner login systems may be monitored for all lawful purposes, including to ensunore that their
    banner login use is authorized, to manage the system, to facilitate protection against
    banner login unauthorized access, and to verify security procedures, survivability and opera-
    banner login tional security. Monitoring includes active attacks by authorized personnel and
    banner login their entities to test or verify the security of the system. During monitoring,
    banner login information may be examined, recorded, copied and used for authorized purposes.
    banner login    All information including personal information, placed on or sent over this
    banner login system may be monitored. Uses of this system, authorized or unauthorized,
    banner login constitutes consent to monitoring of this system. Unauthorized use may subject
    banner login you to criminal prosecution. Evidence of any such unauthorized use collected
    banner login during monitoring may be used for administrative, criminal or other adverse
    banner login action. Use of this system constitutes consent to monitoring for these purposes.
    banner login                          ****** W A R N I N G ******
    ftp mode passive
    pager lines 24
    logging enable
    logging timestamp
    logging buffered debugging
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside) 1
    route outside 1
    route inside x.x.x.x x.x.x.x 1
    route inside x.x.x.x x.x.x.x 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    url-server (inside) vendor websense host x.x.x.x timeout 30 protocol TCP version 4 connections 5
    filter url except x.x.x.x
    filter url http allow
    filter https 443 allow
    filter ftp 21 allow
    http server enable
    http x.x.x.x inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet x.x.x.x inside
    telnet x.x.x.x inside
    telnet timeout 5
    ssh x.x.x.x inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    url-block url-mempool 1500
    url-block url-size 4
    url-block block 128
    ntp server
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    : end
    Last edited by jnmsnow; 13th August 2010, 14:10.

  • #2
    Re: pix 515E Help needed bad

    route outside 1
    interface Ethernet0
     nameif outside
     security-level 0
     ip address
    You cannot route to the outside interface. It needs to be the next hop.
    Can you draw up a little diagram of your network? What is your pix connected to?
    CCNA, Network+
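
The point made in reply #2, turned into a check, as an added example that is not part of the original thread: it reads `interface` stanzas and `route` lines from a PIX-style config and flags any route whose gateway is the interface's own address or is not on that interface's subnet. The sample config and its addresses (RFC 5737 and RFC 1918 ranges) are constructed, and the function names are hypothetical; the poster's redacted values are not reproduced or guessed.

```python
import ipaddress

# Constructed sample config (documentation/private addresses), not the poster's values.
SAMPLE = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.2 1
route inside 10.2.0.0 255.255.0.0 10.1.1.254 1
route inside 10.3.0.0 255.255.0.0 172.16.0.1 1
"""

def parse_interfaces(config):
    """Map each nameif to its address/mask, taken from the interface stanzas."""
    ifaces, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            name = None  # new stanza: forget the previous nameif
        elif words[0] == "nameif" and len(words) == 2:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) >= 4:
            ifaces[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return ifaces

def check_routes(config):
    """Return (route line, problem) for every route with an unusable gateway."""
    ifaces = parse_interfaces(config)
    findings = []
    for line in config.splitlines():
        words = line.split()
        if len(words) < 5 or words[0] != "route":
            continue  # not a route, or a redacted/incomplete one
        ifname, gateway = words[1], ipaddress.ip_address(words[4])
        iface = ifaces.get(ifname)
        if iface is None:
            findings.append((line, "interface has no ip address"))
        elif gateway == iface.ip:
            findings.append((line, "gateway is the interface's own address"))
        elif gateway not in iface.network:
            findings.append((line, "gateway is not on the interface's subnet"))
    return findings
```

Calling `check_routes(SAMPLE)` flags the default route that points at the outside interface's own address and the inside route whose gateway is off-subnet; the middle route passes.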