Can't ping hosts inside PIX firewall====URGENT! PLZ HELP

Discussion in 'Cisco' started by soup_or_power@yahoo.com, Jul 29, 2006.

  1. Guest

    I can't ping the host 209.178.196.211. Please see the config. Because
    of this the mail coming through SMTP is hosed.
    I'd appreciate your help.

    : Saved
    :
    PIX Version 6.1(1)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 9Hxv6QfoEUwhwV2T encrypted
    passwd 9Hxv6QfoEUwhwV2T encrypted
    hostname iexpect-corp
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    names
    name 192.168.5.10 corp-smtp
    name 192.168.5.13 njrep1
    name 192.168.5.150 trig1
    name 192.168.5.151 trig2
    name 192.168.5.61 brett
    name 192.168.5.58 sfg
    name 192.168.5.152 sfg2
    name 192.168.5.63 pepsanchez
    name 192.168.5.9 corp-smtp2
    access-list ipsec permit ip 192.168.5.0 255.255.255.0 10.0.255.0 255.255.255.0
    access-list ipsec permit ip 192.168.11.0 255.255.255.0 10.0.255.0 255.255.255.0
    access-list incoming permit tcp any host 209.178.196.211 eq smtp
    access-list incoming permit tcp any host 209.178.196.212 eq smtp
    access-list incoming permit icmp any any echo-reply
    access-list incoming permit icmp any any time-exceeded
    access-list incoming permit icmp any any unreachable
    access-list incoming permit tcp any host 209.178.196.211 eq 5631
    access-list incoming permit tcp any host 209.178.196.211 eq 5632
    access-list incoming permit udp any host 209.178.196.211 eq 5632
    access-list incoming permit udp host 216.34.112.198 eq dnsix any
    access-list incoming permit udp host 216.33.202.54 eq dnsix any
    access-list incoming permit tcp any eq telnet host 216.74.138.147
    access-list incoming permit tcp any host 209.178.196.212 eq telnet
    access-list incoming permit tcp any eq telnet host 209.178.196.212
    access-list incoming permit tcp any host 209.178.196.211 eq www
    access-list incoming permit tcp any host 209.178.196.212 eq www
    access-list incoming permit tcp any host 209.178.196.212 eq ftp
    access-list incoming permit tcp any eq ftp host 209.178.196.212
    access-list incoming permit tcp any host 209.178.196.213 eq 22
    access-list incoming permit tcp any host 209.178.196.213 eq www
    access-list incoming permit tcp any host 209.178.196.211 eq 3389
    access-list incoming permit tcp any host 209.178.196.212 eq 3389
    access-list incoming permit tcp any host njrep1 eq 22
    access-list incoming permit tcp any host njrep1 eq ftp
    access-list incoming permit tcp any host 209.178.196.215 eq 4662
    access-list incoming permit udp any host 209.178.196.215 eq 4672
    access-list incoming permit tcp any host 209.178.196.217 eq www
    access-list incoming permit tcp any host 209.178.196.213 eq 443
    access-list incoming permit tcp any host 209.178.196.217 eq 22
    access-list incoming permit tcp any host 209.178.196.222 eq 5900
    access-list incoming permit tcp 202.138.142.224 255.255.255.224 host 209.178.196.216 eq 443
    access-list incoming permit tcp any host 209.178.196.217 eq 443
    access-list incoming permit tcp any host 209.178.196.222 eq www
    access-list incoming permit tcp any host 209.178.196.222 eq 129
    access-list incoming permit tcp any host 209.178.196.222 eq 132
    access-list incoming permit tcp any host 209.178.196.211 eq ftp
    access-list incoming permit tcp any host 209.178.196.216
    access-list incoming permit icmp any host 209.178.196.222
    access-list incoming permit tcp any host 209.178.196.211
    access-list incoming permit icmp any host 209.178.196.211
    access-list outgoing permit tcp any any
    access-list outgoing permit icmp any any
    access-list outgoing permit icmp any any echo-reply
    access-list outgoing permit udp any any
    access-list outgoing permit tcp any any eq www
    access-list outgoing permit tcp any host 216.239.35.101 eq www
    access-list outgoing permit udp any host 216.34.112.198 eq dnsix
    access-list outgoing permit udp any host 216.33.202.54 eq dnsix
    pager lines 24
    logging on
    interface ethernet0 10baset
    interface ethernet1 10baset
    mtu outside 1500
    mtu inside 1500
    ip address outside 209.178.196.210 255.255.255.240
    ip address inside 192.168.5.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool corp-home 192.168.99.1-192.168.99.224
    pdm history enable
    arp timeout 60
    global (outside) 1 209.178.196.220-209.178.196.221
    global (outside) 1 209.178.196.219
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    alias (inside) sfg 209.178.196.216 255.255.255.255
    alias (inside) sfg2 209.178.196.217 255.255.255.255
    alias (inside) corp-smtp 209.178.196.211 255.255.255.255
    alias (inside) 192.168.11.150 209.178.196.213 255.255.255.255
    alias (inside) 192.168.5.149 209.178.196.222 255.255.255.255
    static (inside,outside) 209.178.196.213 trig1 netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.214 trig2 netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.211 corp-smtp netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.215 brett netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.216 sfg netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.217 sfg2 netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.222 192.168.5.149 netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.218 pepsanchez netmask 255.255.255.255 0 0
    static (inside,outside) 209.178.196.212 corp-smtp2 netmask 255.255.255.255 0 0
    access-group incoming in interface outside
    route outside 0.0.0.0 0.0.0.0 209.178.196.209 1
    route inside 192.168.11.0 255.255.255.0 192.168.5.2 1
    route inside 192.168.254.0 255.255.255.0 192.168.5.2 1
    timeout xlate 3:00:00
    timeout conn 3:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    http corp-smtp2 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt ipsec pl-compatible
    no sysopt route dnat
    crypto ipsec transform-set iexpect esp-des esp-md5-hmac
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map corp 1 ipsec-isakmp
    crypto map corp 1 match address ipsec
    crypto map corp 1 set peer 216.74.138.157
    crypto map corp 1 set transform-set iexpect
    crypto map corp 10 ipsec-isakmp dynamic dynmap
    crypto map corp client configuration address initiate
    crypto map corp client configuration address respond
    crypto map corp interface outside
    isakmp enable outside
    isakmp key ******** address 216.74.138.157 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 86400
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup corphome address-pool corp-home
    vpngroup corphome dns-server 192.168.1.6
    vpngroup corphome wins-server 192.168.1.6
    vpngroup corphome default-domain corp.iexpect.com
    vpngroup corphome idle-time 1800
    vpngroup corphome password ********
    telnet corp-smtp 255.255.255.255 inside
    telnet 192.168.5.2 255.255.255.255 inside
    telnet 192.168.11.0 255.255.255.0 inside
    telnet 192.168.5.0 255.255.255.0 inside
    telnet njrep1 255.255.255.255 inside
    telnet corp-smtp2 255.255.255.255 inside
    telnet timeout 5
    ssh njrep1 255.255.255.255 inside
    ssh timeout 5
    terminal width 80
    Cryptochecksum:b74f20411172389725f6e85195e68c9b
    , Jul 29, 2006
    #1

  2. Guest

    Re: Can't ping hosts inside PIX firewall====URGENT! PLZ HELP

    Wave2Wave (ISP) has allocated the IPs 209.178.196.210 through
    209.178.196.222.
    I can ping only the following list:
    216, 217, 220, 222
    The rest don't respond to ping. Ah!
    , Jul 29, 2006
    #2

  3. Guest

    Re: Can't ping hosts inside PIX firewall====URGENT! PLZ HELP

    Someone kindly let me know what's wrong with my config!!
    Thanks
    , Jul 29, 2006
    #3