PAT problems pix 506E

Discussion in 'Cisco' started by twoblink, Sep 19, 2007.

  1. twoblink


    Sep 19, 2007
    I have tried for hours and hours.. and days and days.. It's really frustrating that something so simple is just not working and it's making me pull out my hair! I just want a simple PAT. I have a static IP address via PPPoE. I've configured that and it works; I can ping the outside world from the PIX. I can ping the inside world as well. I just can't get it to PAT for me.

    inside IP:
    outside IP: PPPOE assigned

    "in theory", I simply:

    global (outside) 1 interface
    nat (inside) 1 0 0

    and all should be fine.. but it's not.. nothing is routing out..

    Running Pix 605E with a 64megs mem, 6.3(5).

    show version, and show config below.. any other info I can provide that might help would be appreciated.. this should be a 5 minute thing, but it's taken over 5 days with no results and no idea why.. traffic disappears into the pix, and then it just disappears. I have the PDM up, and it shows no TCP connections being made.

    Any help would be appreciated. Thanks.


    pixfirewall(config)# show version

    Cisco PIX Firewall Version 6.3(5)
    Cisco PIX Device Manager Version 3.0(4)

    Compiled on Thu 04-Aug-05 21:40 by morlee

    pixfirewall up 6 mins 24 secs

    Hardware: PIX-506E, 64 MB RAM, CPU Pentium II 300 MHz
    Flash E28F640J3 @ 0x300, 8MB
    BIOS Flash AM29F400B @ 0xfffd8000, 32KB

    0: ethernet0: address is 000b.5fc7.3cd3, irq 10
    1: ethernet1: address is 000b.5fc7.3cd4, irq 11
    Licensed Features:
    Failover: Disabled
    VPN-DES: Enabled
    VPN-3DES-AES: Disabled
    Maximum Physical Interfaces: 2
    Maximum Interfaces: 4
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: Unlimited
    Throughput: Unlimited
    IKE peers: Unlimited

    This PIX has a Restricted (R) license.

    Serial Number: 806474768 (0x3011d410)
    Running Activation Key: 0x3b138e45 0x5cde7bcc 0xc1a4b472 0xxxxxxxxxx
    Configuration has not been modified since last system restart.


    pixfirewall(config)# show config
    : Saved
    : Written by enable_15 at 10:20:02.040 UTC Wed Sep 19 2007
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password lA6n4y03b24P/jsI encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    name linux
    name windoze
    access-list inside_access_in permit tcp any any
    pager lines 24
    logging timestamp
    logging buffered debugging
    logging trap debugging
    logging facility 23
    logging queue 0
    logging host inside
    mtu outside 1454
    mtu inside 1454
    ip address outside pppoe
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm location windoze inside
    pdm location linux inside
    pdm logging debugging 512
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0 0
    access-group inside_access_in in interface inside
    route outside 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http inside
    http windoze inside
    http inside
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    vpdn group pppoe_group request dialout pppoe
    vpdn group pppoe_group localname
    vpdn group pppoe_group ppp authentication pap
    vpdn group hinet request dialout pppoe
    vpdn group hinet localname
    vpdn group hinet ppp authentication chap
    vpdn username password xxxxxxx store-local
    dhcpd address inside
    dhcpd dns
    dhcpd lease 36000
    dhcpd ping_timeout 750
    dhcpd domain
    dhcpd auto_config outside
    dhcpd enable inside
    terminal width 80

    pixfirewall(config)# show global
    global (outside) 1 interface

    pixfirewall(config)# show nat
    nat (inside) 1 0 0
    twoblink, Sep 19, 2007

  2. twoblink


    Aug 24, 2007
    Try adding this rule:

    access-list inside_access_in permit udp any any
    allan16, Sep 19, 2007
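
Added example (not part of the thread, and not either poster's code): a first-match evaluation of the inside access list from the posted config, showing which outbound flows reach the PAT rule and which fall to the implicit deny that ends every PIX access list, before and after the rule suggested in the reply. The function names `parse`, `verdict` and `report` are hypothetical, and only the `<action> <protocol> any any` rule form used in the thread is modelled.

```python
# Added example: first-match evaluation of a PIX 6.3-style inbound access list.
# Only the "<action> <protocol> any any" rule form seen in the thread is modelled.

# Lines copied from the posted "show config" output.
POSTED = """\
access-list inside_access_in permit tcp any any
global (outside) 1 interface
nat (inside) 1 0 0
access-group inside_access_in in interface inside
"""
# The same config plus the rule suggested in the reply.
WITH_REPLY = POSTED + "access-list inside_access_in permit udp any any\n"


def parse(config):
    """Return (acls, bindings): ACL name -> ordered rules, interface -> ACL name."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 6 and tok[0] == "access-list" and tok[4:] == ["any", "any"]:
            acls.setdefault(tok[1], []).append((tok[2], tok[3]))
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bindings[tok[4]] = tok[1]
    return acls, bindings


def verdict(config, iface, proto):
    """Apply the ACL bound inbound on iface to a packet of the given protocol."""
    acls, bindings = parse(config)
    name = bindings.get(iface)
    if name is None:
        return "no ACL bound"  # interface default policy applies; not modelled
    for action, rule_proto in acls.get(name, []):
        if rule_proto in (proto, "ip"):  # "ip" matches every IP protocol
            return action  # first matching rule wins
    return "deny (implicit)"  # every access list ends with an unwritten deny


def report(config, iface="inside"):
    """Verdicts for three representative outbound flows from inside hosts."""
    flows = {"HTTP": "tcp", "DNS lookup": "udp", "ping": "icmp"}
    return {label: verdict(config, iface, proto) for label, proto in flows.items()}


if __name__ == "__main__":
    print("as posted:        ", report(POSTED))
    print("with reply's rule:", report(WITH_REPLY))
```

With the config as posted, only TCP from inside hosts is permitted, so UDP DNS lookups are dropped at the inside interface before translation; ICMP stays denied in both variants.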