PIX 515E Changing from DSL to Cable ISP

Discussion in 'Cisco' started by sintral, May 28, 2010.

  1. sintral

    sintral Guest

    IOS Version 6.2

    I cannot access the internet using my new cable modem and the settings
    below.

    I'm not sure the exact amount of static IPs we were allotted by the
    DSL provider (someone may be able to determine it from the
    configuration below), but we have 6 with the cable company; 199-204.
    Aside from the changes in the IPs and how they affect static routes,
    access-lists, and gateways, there must be a setting I'm missing. One
    thing I did notice is the the ISPs differ on how they've subnetted the
    IPs I've been given. DSL gave me my own subnet (255.255.255.248) for
    my x # of addresses. The cable provider gave me 6 addresses with a
    255.255.252.0 mask. Below are the snippets, before and after.

    DSL - (Apparently using addresses 11.16.146.89 - 11.16.146.94 w/ .89
    being the gateway)
    nameif ethernet0 outside security0
    ip address outside 11.16.146.90 255.255.255.248
    global (outside) 1 11.16.146.92-68.16.146.93 netmask 255.255.255.248
    global (outside) 1 11.16.146.94 netmask 255.255.255.248
    static (inside,outside) tcp 11.16.146.91 ssh 10.6.18.10 ssh netmask
    255.255.255.255 0 0
    access-list inbound permit tcp any host 11.16.146.91 eq ssh
    access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0
    255.255.255.0
    nat (inside) 0 access-list 101
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 11.16.146.89 1
    route inside 192.168.0.0 255.255.255.0 10.6.18.9 1

    CABLE - (static ips 205.213.231.199 - 205.213.231-204, netmask
    255.255.252.0, gateway 205.213.228.1)
    nameif ethernet0 outside security0
    ip address outside 205.213.231.199 255.255.252.0
    global (outside) 1 205.213.231.200-205.213.231.203 netmask
    255.255.252.0
    global (outside) 1 205.213.231.204 netmask 255.255.252.0
    static (inside,outside) tcp 205.213.231.200 ssh 10.6.18.10 ssh netmask
    255.255.255.255 0 0
    access-list inbound permit tcp any host 205.213.231.200 eq ssh
    access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0
    255.255.255.0
    nat (inside) 0 access-list 101
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 205.213.228.1 1
    route inside 192.168.0.0 255.255.255.0 10.6.18.9 1

    My guess is that there is either a problem with NAT/PAT or the weird
    subnet mask (supernetted class C) is causing me problems. You'll
    notice from the last config line that my cable ISP's gateway would be
    in a different subnet if this were a true class C. Can anyone tell
    where I went wrong or what I should try? I tried to include all
    relevant lines, which are all the ones that I've changed.

    Thanks,
    Paul
     
    sintral, May 28, 2010
    #1
    1. Advertising

  2. sintral

    alexd Guest

    On 28/05/10 23:59, sintral wrote:
    > Can anyone tell where I went wrong or what I should try?


    First thing I would try is plug a PC into your cable modem and just
    check you can get on the internet.

    --
    <http://ale.cx/> (AIM:troffasky) ()
    10:26:34 up 31 days, 11:12, 2 users, load average: 0.39, 0.96, 0.98
    It is better to have been wasted and then sober
    than to never have been wasted at all
     
    alexd, May 29, 2010
    #2
    1. Advertising

  3. sintral

    sintral Guest

    On May 29, 5:28 am, alexd <> wrote:
    > On 28/05/10 23:59, sintral wrote:
    >
    > > Can anyone tell where I went wrong or what I should try?

    >
    > First thing I would try is plug a PC into your cable modem and just
    > check you can get on the internet.
    >

    Right, sure. I can connect fine without the firewall using all of my
    static IPs from the cable ISP. Does anyone else see a problem in the
    configuration? Extra or omitted line?
     
    sintral, May 30, 2010
    #3
  4. sintral

    sintral Guest

    On May 30, 9:33 am, sintral <> wrote:
    > On May 29, 5:28 am, alexd <> wrote:> On 28/05/10 23:59, sintral wrote:
    >
    > > > Can anyone tell where I went wrong or what I should try?

    >
    > > First thing I would try is plug a PC into your cable modem and just
    > > check you can get on the internet.

    >
    > Right, sure. I can connect fine without the firewall using all of my
    > static IPs from the cable ISP. Does anyone else see a problem in the
    > configuration? Extra or omitted line?


    Is it necessary to run a 'clear xlate' after changing the NAT/PAT
    settings? I just happened up on that and I can't remember if I did
    that.
     
    sintral, May 30, 2010
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. How can I be down
    Replies:
    0
    Views:
    431
    How can I be down
    Oct 15, 2003
  2. an admin too
    Replies:
    3
    Views:
    562
    an admin too
    Nov 1, 2004
  3. =?iso-8859-2?Q?S=B3awek?=

    PIX 515E and 2 ISP

    =?iso-8859-2?Q?S=B3awek?=, Mar 21, 2006, in forum: Cisco
    Replies:
    3
    Views:
    6,557
    =?iso-8859-2?Q?S=B3awek?=
    Mar 22, 2006
  4. Kazonme
    Replies:
    3
    Views:
    490
    steve
    Mar 5, 2005
  5. Kazonme
    Replies:
    20
    Views:
    759
    Dave - Dave.net.nz
    Mar 7, 2005
Loading...

Share This Page