No announcement yet.

Pix 506e in a router on a stick config

  • Filter
  • Time
  • Show
Clear All
new posts

  • Pix 506e in a router on a stick config


    I am trying to implement a PIX 506e into a router on a stick configuration. I have attached a network diagram picture to illustrate what it is I am attempting to achieve. I have three networks - the home user network (192.168.1.x), VLAN2 (192.168.2.x) where the PIX and 2950 sit, and VLAN3 (192.168.3.x) where the DMZ and web server sit. I can ping,,, and from the home user network. From the PIX I can ping the router in the home network, which is at However, I cannot ping the server at in the DMZ, and the server cannot ping and

    I have asked for help on various sites, one site said it was a trunking issue and the other site (Cisco support forums) did not get back with me about a definite issue. I can post all the necessary configs from the firewall and switch. If this doesn't make sense, please let me know and I will better try to explain my situation.

    Thank you very much!
    Attached Files

  • #2
    Re: Pix 506e in a router on a stick config

    Post the sanitized pix config.
    CCNA, Network+


    • #3
      Re: Pix 506e in a router on a stick config

      Hello there,

      Here is the config from the PIX:

      # sh running config
      : Saved
      PIX Version 6.3(5)
      interface ethernet0 auto
      interface ethernet0 vlan2 physical
      interface ethernet0 vlan3 logical
      interface ethernet1 auto
      nameif ethernet0 outside security0
      nameif ethernet1 inside security100
      nameif vlan3 dmz security50

      fixup protocol dns maximum-length 512
      fixup protocol ftp 21
      fixup protocol h323 h225 1720
      fixup protocol h323 ras 1718-1719
      fixup protocol http 80
      fixup protocol rsh 514
      fixup protocol rtsp 554
      fixup protocol sip 5060
      fixup protocol sip udp 5060
      fixup protocol skinny 2000
      fixup protocol smtp 25
      fixup protocol sqlnet 1521
      fixup protocol tftp 69
      pager lines 24
      mtu outside 1500
      mtu inside 1500
      ip address outside
      no ip address inside
      ip address dmz
      ip audit info action alarm
      ip audit attack action alarm
      pdm history enable
      arp timeout 14400
      route dmz 1
      timeout xlate 3:00:00
      timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
      timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
      timeout sip-disconnect 0:02:00 sip-invite 0:03:00
      timeout uauth 0:05:00 absolute
      aaa-server TACACS+ protocol tacacs+
      aaa-server TACACS+ max-failed-attempts 3
      aaa-server TACACS+ deadtime 10
      aaa-server RADIUS protocol radius
      aaa-server RADIUS max-failed-attempts 3
      aaa-server RADIUS deadtime 10
      aaa-server LOCAL protocol local
      no snmp-server location
      no snmp-server contact
      snmp-server community public
      no snmp-server enable traps
      floodguard enable
      telnet timeout 5
      ssh timeout 5
      console timeout 0
      terminal width 80

      : end