Cisco Pix Issue connecting to Internet through Router with Dynamic WAN IP

Discussion in 'Cisco' started by raymanwindar, Apr 2, 2009.

  1. raymanwindar

    raymanwindar

    Joined:
    Apr 2, 2009
    Messages:
    1
    Hello,

    I just finished setting up my Cisco Pix 506 on my network. I have played around with it for a few hours and cant get it. I have attached my Network Diagram to this thread.
    For the Netgear router I setup the DMZ as 172.168.1.5. So that all traffic requests are open to that IP address (Outside interface of Pix).
    Also I am not able to ping 172.168.1.1, but I am able to ping all the way up to 172.168.1.5 from the inside. I have tried from Pix and PCs from the internal network.

    Here is a picture my network diagram h t t p://junknstuff.homeip.net/homenetwork.htm


    Here is the Cisco Pix Config:
    Megaray-Pix# show run
    : Saved
    :
    PIX Version 6.2(2)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password XXXXXXXXXX encrypted
    passwd XXXXXXXXX encrypted
    hostname Megaray-Pix
    domain-name megaray.local
    clock timezone PST -8
    clock summer-time PDT recurring
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    access-list 105 permit ip 192.168.1.0 255.255.255.0 172.168.1.0 255.255.255.0
    access-list outside permit icmp any any
    access-list outside permit tcp any host 172.168.1.1 eq www
    access-list outside permit tcp any host 172.168.1.1 eq https
    access-list outside permit tcp any host 172.168.1.1 eq ftp
    access-list outside permit tcp any host 172.168.1.1 eq smtp
    access-list outside permit tcp any host 172.168.1.1 eq 3784
    access-list outside permit tcp any host 172.168.1.1 eq 135
    access-list outside permit tcp any host 172.168.1.1 eq 1723
    pager lines 24
    interface ethernet0 auto
    interface ethernet1 auto
    icmp permit any inside
    mtu outside 1500
    mtu inside 1500
    ip address outside 172.168.1.5 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list 105
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 172.168.1.1 192.168.1.10 netmask 255.255.255.255 0 0
    access-group outside in interface outside
    route outside 0.0.0.0 0.0.0.0 172.168.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    snmp-server host inside 192.168.1.10
    snmp-server location office
    snmp-server contact Ray2003
    snmp-server community public
    snmp-server enable traps
    floodguard enable
    no sysopt route dnat
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 15
    dhcpd address 192.168.1.25-192.168.1.99 inside
    dhcpd dns 68.87.76.178 68.78.76.130
    dhcpd lease 3600
    dhcpd ping_timeout 750
    terminal width 80
    Cryptochecksum:XXXXXXXXXXXX
    : end

    Here is the Show Route Command on Pix:
    Megaray-Pix# show route
    outside 0.0.0.0 0.0.0.0 172.168.1.1 1 OTHER static
    outside 172.168.1.0 255.255.255.0 172.168.1.5 1 CONNECT static
    inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static

    Also Im running ver 6.2 on the Pix. And also my DHCP isnt working from the PIX. May be caused by my switch though. I will be working on that issue next. First need to get the Pix to connect to the internet!

    Any help would be great!

    Thanks in advanced
    Ray
    raymanwindar, Apr 2, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. c
    Replies:
    2
    Views:
    810
  2. Hans-Peter Walter
    Replies:
    3
    Views:
    1,143
    Joe Bloggs
    Jan 21, 2004
  3. Warren Tochor
    Replies:
    9
    Views:
    4,017
    Warren Tochor
    Feb 10, 2004
  4. Casper
    Replies:
    1
    Views:
    551
    headsetadapter.com
    Aug 17, 2007
  5. David Gondek

    Connecting Wireless Router to a WAN

    David Gondek, Jul 10, 2008, in forum: Wireless Networking
    Replies:
    7
    Views:
    713
    Jack \(MVP-Networking\).
    Jul 12, 2008
Loading...

Share This Page