Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > PAT problems pix 506E

Reply
Thread Tools

PAT problems pix 506E

 
 
twoblink twoblink is offline
Junior Member
Join Date: Sep 2007
Posts: 6
 
      09-19-2007
I have tried for hours and hours.. and days and days.. It's really frustrating that something so simple is just not working and it's making me pull out my hair! I just want a simple PAT. I have a static IP address via PPPOE. I've configured that and it works, I can ping the outside world from the pix. I can ping the inside world as well. I just can't get it to PAT for me.

inside IP: 192.168.1.1
outside IP: PPPOE assigned

"in theory", I simply:

global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0

and all should be fine.. but it's not.. nothing is routing out..

Running Pix 605E with a 64megs mem, 6.3(5).

show version, and show config below.. any other info I can provide that might help would be appreciated.. this should be a 5 minute thing, but it's taken over 5 days with no results and no idea why.. traffic disappears into the pix, and then it just disappears. I have the PDM up, and it shows no TCP connections being made.

Any help would be appreciated. Thanks.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~


pixfirewall(config)# show version

Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

pixfirewall up 6 mins 24 secs

Hardware: PIX-506E, 64 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 000b.5fc7.3cd3, irq 10
1: ethernet1: address is 000b.5fc7.3cd4, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 4
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

This PIX has a Restricted (R) license.

Serial Number: 806474768 (0x3011d410)
Running Activation Key: 0x3b138e45 0x5cde7bcc 0xc1a4b472 0xxxxxxxxxx
Configuration has not been modified since last system restart.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~

pixfirewall(config)# show config
: Saved
: Written by enable_15 at 10:20:02.040 UTC Wed Sep 19 2007
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password lA6n4y03b24P/jsI encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name achtung.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.1.99 linux
name 192.168.1.101 windoze
access-list inside_access_in permit tcp any any
pager lines 24
logging timestamp
logging buffered debugging
logging trap debugging
logging facility 23
logging queue 0
logging host inside 192.168.1.254
mtu outside 1454
mtu inside 1454
ip address outside pppoe
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location windoze 255.255.255.255 inside
pdm location linux 255.255.255.255 inside
pdm logging debugging 512
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 59.121.0.254 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
http windoze 255.255.255.255 inside
http 192.168.1.254 255.255.255.255 inside
http 192.168.1.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname http://www.velocityreviews.com/forums/(E-Mail Removed)
vpdn group pppoe_group ppp authentication pap
vpdn group hinet request dialout pppoe
vpdn group hinet localname (E-Mail Removed)
vpdn group hinet ppp authentication chap
vpdn username (E-Mail Removed) password xxxxxxx store-local
dhcpd address 192.168.1.200-192.168.1.250 inside
dhcpd dns 168.95.1.1 168.95.192.1
dhcpd lease 36000
dhcpd ping_timeout 750
dhcpd domain achtung.com
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:acc7fa1339ecfac134c35357606a229c


pixfirewall(config)# show global
global (outside) 1 interface


pixfirewall(config)# show nat
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
 
Reply With Quote
 
 
 
 
allan16 allan16 is offline
Junior Member
Join Date: Aug 2007
Posts: 14
 
      09-19-2007
Try adding this rule:

access-list inside_access_in permit udp any any
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 4) Michiel Cisco 0 08-25-2006 01:17 AM
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 3) Michiel Cisco 19 08-24-2006 08:55 PM
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2) Michiel Cisco 2 08-22-2006 08:46 PM
PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT Michiel Cisco 4 08-22-2006 12:26 PM
Static PAT overrides Dynamic Pat - Pix 515e BinSur Cisco 4 01-13-2006 09:44 AM



Advertisments