Hi all you technocratic geeks!

I am a newbie in the world of Cisco, administrating a college WAN and LAN. At first I had just two class C public IPs: one I had given to the 2600 router and the second to my PIX 515E outside interface. Everything was going fine, but recently my HQ changed my IP addresses and allotted me a 29-bit subnet. As per the old preferences, I allotted one to the router, one to the PIX and one to my database server (new addition).

Now the problem is that my inside clients (college faculty) are quite happy, as they have no problem, but internet traffic to my database server (to which I have allotted a public IP with the PIX outside interface IP as gateway) is stopped. Very strange to say that even the database server can ping the router and the PIX, but internet traffic is blocked on it. So I am confused by that and want help from all you geeks.

The route of my WAN is mentioned here:

```
router ============> PIX 515E ===============> Catalyst 2950
   through cross cable         straight cable
```

One more thing: I didn't make any change on the Catalyst 2950; it has the default settings. The configuration of the router and PIX is given below. Please consider it thoroughly and give me a helpful decision.

ROUTER CONFIGURATION
-------------------------

```
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
aaa new-model
!
!
aaa authentication login default enable local
aaa authentication ppp default if-needed local
aaa session-id common
!
ip name-server xxx.xxx.xxx.14
ip name-server xxx.xxx.xxx.41
!
!
!
!
interface FastEthernet0/0
 ip address xxx.xxx.xxx.177 255.255.255.248
 ! (new IP address scheme)
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Serial0/0
 ip address xxx.xxx.xxx.158 255.255.255.252
 ! (natted scheme)
 encapsulation ppp
 no ip mroute-cache
 no keepalive
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 no ip mroute-cache
 shutdown
!
interface Group-Async45
 ip unnumbered FastEthernet0/1
 encapsulation ppp
 async mode interactive
 peer default ip address pool cae
 ppp max-bad-auth 3
 ppp authentication pap chap mschap
 group-range 33 48
!
interface Group-Async65
 physical-layer async
 no ip address
 async default routing
!
router ospf 1
 log-adjacency-changes
 network 192.168.2.156 0.0.0.3 area 1
 network 202.83.173.180 0.0.0.3 area 1
!
ip local pool cae 192.168.0.2 192.168.0.17
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.157
no ip http server
ip ospf name-lookup
ip pim bidir-enable
!
!
access-list 110 deny tcp host 192.168.0.131 any
access-list 110 permit tcp any any eq www
access-list 110 deny tcp any any
dialer-list 1 protocol ip permit
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop 192.168.0.131
!
route-map squid permit 20
 match ip address 110
 set ip next-hop 192.168.0.131
!
snmp-server engineID local 0000000902000003E39BB840
snmp-server community vebra99 RO
snmp-server trap-source FastEthernet0/1
snmp-server contact Syed Ali Raza Bukhari
!
line con 0
line 33 48
 modem Dialin
 modem autoconfigure discovery
 transport input all
 autoselect ppp
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7 0455020B0B204F42080A16
!
!
end
```

PIX FIREWALL CONFIGURATION
-------------------------

```
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside xxx.xxx.xxx.178 255.255.255.248
ip address inside 192.168.0.136 255.255.252.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:3c3d2e7a716ce28c562a512ca8645726
: end
```

DATABASE SERVER NETWORK SETTING
-------------------------

```
ip address xxx.xxx.xxx.179
subnet     xxx.xxx.xxx.248
GW         xxx.xxx.xxx.178 (PIX outside interface address)
```

and then DNS settings as per requirement.

That's all about my efforts, and now I expect sincere solutions from you all.

Thanks in advance,
techartist