pix 515 version 8.0(2) Internal Interface

Discussion in 'Cisco' started by RG, May 25, 2010.

  1. RG

    RG Guest

    Please refer to the configuration found below.

    I have two external interfaces and one internal. At the least, I should be able
    to ping the internal interface from the local network, but it is not happening.
    I was wondering if someone could point out what I am missing here.

    Thanks in advance

    : Saved
    :
    PIX Version 8.0(2)
    !
    hostname fire
    enable password 5JqIHmCE6LOVAjK8 encrypted
    names
    name 192.168.1.0 LAN
    !
    interface Ethernet0
    speed 100
    duplex full
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet0.1
    vlan 730
    nameif natfg
    security-level 0
    ip address 192.168.3.210 255.255.255.0
    !
    interface Ethernet1
    speed 100
    duplex full
    shutdown
    nameif inside
    security-level 100
    ip address 192.168.1.3 255.255.255.0
    !
    interface Ethernet2
    speed 100
    duplex full
    shutdown
    nameif tpfg
    security-level 0
    ip address xx.xx.xxx.251 255.255.255.248
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    access-list inbound extended permit tcp any interface natfg eq https
    access-list inbound extended permit tcp host xx.xx.xxx.251 host 192.168.1.16 eq smtp
    access-list workstations extended permit icmp host 192.168.1.129 any
    access-list workstations extended permit udp host 192.168.1.129 any
    access-list workstations extended permit tcp host 192.168.1.129 any
    access-list workstations extended permit tcp host 192.168.1.129 any eq ssh
    access-list workstations extended permit tcp host 192.168.1.129 any eq 4125
    access-list workstations extended permit tcp host 192.168.1.129 any eq 3389
    access-list workstations extended permit tcp host 192.168.1.129 any eq www
    access-list workstations extended permit tcp host 192.168.1.129 any eq 8443
    access-list workstations extended permit udp host 192.168.1.129 any eq ntp
    access-list workstations extended permit udp host 192.168.1.129 any eq sip
    access-list workstations extended permit tcp host 192.168.1.129 any eq https
    access-list workstations extended permit udp host 192.168.1.142 any eq domain
    access-list workstations extended permit udp host 192.168.1.129 any eq domain
    access-list workstations extended permit tcp host 192.168.1.129 any eq nntp
    access-list workstations extended permit tcp host 192.168.1.16 any eq smtp
    access-list workstations extended permit udp host 192.168.1.11 any eq domain
    access-list workstations extended deny ip any interface inside
    pager lines 24
    mtu natfg 1500
    mtu inside 1500
    mtu tpfg 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (natfg) 1 interface
    nat (inside) 1 192.168.1.11 255.255.255.255
    nat (inside) 1 192.168.1.16 255.255.255.255
    nat (inside) 1 192.168.1.129 255.255.255.255
    static (inside,tpfg) tcp 96.57.68.251 https 192.168.1.16 https netmask 255.255.255.255
    static (inside,tpfg) tcp xx.xx.xxx.251 smtp 192.168.1.16 smtp netmask 255.255.255.255
    access-group workstations in interface inside
    access-group inbound in interface tpfg
    route natfg 0.0.0.0 0.0.0.0 192.168.3.3 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    no crypto isakmp nat-traversal
    telnet 192.168.0.0 255.255.0.0 inside
    telnet timeout 25
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:314bfe68529169ab1710ec069937453b
    : end
     
    RG, May 25, 2010
    #1

  2. On 25.5.2010. 6:13, RG wrote:
    > Please refer to the configuration found below.
    >
    > I have two external interfaces and one internal. At the least, I should
    > be able to ping the internal interface from the local network, but it is
    > not happening. I was wondering if someone could point out what I
    > am missing here.
    >
    > Thanks in advance
    >
    > :


    !
    interface Ethernet1
    speed 100
    duplex full
    shutdown
    nameif inside
    security-level 100
    ip address 192.168.1.3 255.255.255.0
    !
    At first glance I can see that your inside int is in the shutdown
    state, so you should enable it with the 'no shutdown' command:
    config t
    int e1
    no shut
     
    Igor Mamuzić aka Pseto, May 25, 2010
    #2
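
The check described in the reply above, as an added example that is not part of the original thread: a small Python audit that reads PIX interface stanzas and lists every named interface that is administratively shut down. It goes one step beyond the reply by also flagging a subinterface whose parent physical interface is shut down, since the physical interface has to be enabled before a subinterface can pass traffic. The names `parse_interfaces`, `find_disabled` and `SAMPLE_CONFIG` are hypothetical, and the sample is cut down from the posted configuration.

```python
import re

# Constructed sample: stanzas cut down from the posted config, unindented as in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0
shutdown
no nameif
!
interface Ethernet0.1
nameif natfg
!
interface Ethernet1
shutdown
nameif inside
!
access-list workstations extended deny ip any interface inside
"""

def parse_interfaces(config):
    """Map interface name -> {"nameif", "shutdown"}; a stanza ends at "!"."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), {"nameif": None, "shutdown": False})
        elif line in ("", "!"):
            current = None
        elif current is not None and line == "shutdown":
            current["shutdown"] = True
        elif current is not None and line.startswith("nameif "):
            current["nameif"] = line.split()[1]
    return interfaces

def find_disabled(config):
    """Return (nameif, interface, reason) for named interfaces that cannot pass traffic."""
    interfaces = parse_interfaces(config)
    findings = []
    for name, info in interfaces.items():
        parent = name.split(".")[0]  # Ethernet0.1 -> Ethernet0
        if info["nameif"] is None:
            continue
        if info["shutdown"]:
            findings.append((info["nameif"], name, "shutdown"))
        elif parent != name and interfaces.get(parent, {}).get("shutdown"):
            findings.append((info["nameif"], name, f"parent {parent} is shutdown"))
    return findings

if __name__ == "__main__":
    print(find_disabled(SAMPLE_CONFIG))
```

Run against the sample, it reports both `inside` (Ethernet1) and `natfg` (Ethernet0.1, through its parent Ethernet0).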