PIX 6.3 - Outbound traffic not working

Discussion in 'Hardware' started by khurri, Jun 19, 2009.

  1. khurri

    Hi,
    I have a VPN and the following PIX configuration. Outside users can get in but users cannot get out from inside. Outbound traffic is not working at all. Not sure if I have to apply the access list to the outside interface. Can someone please help?

    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password yEejltES02QYOkGq encrypted
    passwd SkGAlm91goMQFQlP encrypted
    hostname CUL-FW1
    domain-name cul.org
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.240
    access-list outside_access_in permit icmp any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 124.132.244.35 255.255.255.240
    ip address inside 192.168.0.3 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool CULVPN 192.168.10.1-192.168.10.15
    pdm location 192.168.0.0 255.255.255.0 inside
    pdm logging emergencies 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 124.132.244.36-124.132.244.45
    global (outside) 1 124.132.244.46
    nat (inside) 1 192.168.0.0 255.255.255.0 0 0
    access-group outside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 124.132.244.33 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    crypto ipsec transform-set myset esp-des esp-md5-hmac
    crypto dynamic-map dynmap 10 set transform-set myset
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap interface outside
    isakmp enable outside
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup vpn3000-all idle-time 1800
    vpngroup CUlgroup address-pool CULVPN
    vpngroup CUlgroup dns-server 192.168.0.5
    vpngroup CUlgroup wins-server 192.168.0.5
    vpngroup CUlgroup idle-time 1800
    vpngroup CUlgroup password ********
    telnet 192.168.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.0.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    terminal width 80
    Cryptochecksum:c1be5832b851a0ae7a4178e24ea7f999
    : end
    CUL-FW1#




    CUL-FW1# sh int
    interface ethernet0 "outside" is up, line protocol is up
    Hardware is i82559 ethernet, address is 001d.a286.7ee7
    IP address 124.132.244.35, subnet mask 255.255.255.240
    MTU 1500 bytes, BW 100000 Kbit full duplex
    141411 packets input, 14301433 bytes, 0 no buffer
    Received 5560 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    6844 packets output, 425853 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collisions, 0 deferred
    0 lost carrier, 0 no carrier
    input queue (curr/max blocks): hardware (128/12 software (0/2)
    output queue (curr/max blocks): hardware (0/1) software (0/1)
    interface ethernet1 "inside" is up, line protocol is up
    Hardware is i82559 ethernet, address is 001d.a286.7ee8
    IP address 192.168.0.3, subnet mask 255.255.255.0
    MTU 1500 bytes, BW 100000 Kbit full duplex
    24912018 packets input, 2155822238 bytes, 0 no buffer
    Received 16418328 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    7261021 packets output, 450417946 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collisions, 0 deferred
    0 lost carrier, 0 no carrier
    input queue (curr/max blocks): hardware (128/12 software (0/120)
    output queue (curr/max blocks): hardware (0/120) software (0/1)
    CUL-FW1#

    Thanks,
    K
    khurri, Jun 19, 2009

  2. khurri

    lokojones

    global (outside) 1 124.132.244.36-124.132.244.45
    global (outside) 1 124.132.244.46
    nat (inside) 1 192.168.0.0 255.255.255.0 0 0

    Try with
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    This means NAT all IPs from the inside interface on the outside interface.
    lokojones, Jun 26, 2009
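
Added example, not part of either post: a Python check over the interface, ACL and translation lines of the configuration posted above. On PIX 6.3 an ACL bound with `access-group ... in interface inside` filters traffic arriving on the inside interface and ends in an implicit deny, and each `nat` id needs a `global` with the same id on a lower-security interface. The function names and the protocol-only ACL matching are assumptions of this example.

```python
# Constructed excerpt: the interface, ACL and translation lines from the
# configuration posted in this thread.
CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.240
access-list outside_access_in permit icmp any any
global (outside) 1 124.132.244.36-124.132.244.45
global (outside) 1 124.132.244.46
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group outside_access_in in interface inside
"""

def parse(config):
    """Collect security levels, ACL entries, ACL bindings and nat/global ids."""
    s = {"levels": {}, "acls": {}, "bound": {}, "nat": {}, "global": {}}
    for line in config.splitlines():
        t = line.split()
        if len(t) == 4 and t[0] == "nameif":
            s["levels"][t[2]] = int(t[3].replace("security", ""))
        elif len(t) >= 4 and t[0] == "access-list" and t[2] in ("permit", "deny"):
            s["acls"].setdefault(t[1], []).append((t[2], t[3]))
        elif len(t) == 5 and t[0] == "access-group":
            s["bound"][t[4]] = t[1]  # interface name -> ACL name
        elif len(t) >= 3 and t[0] in ("nat", "global"):
            s[t[0]].setdefault(t[1].strip("()"), set()).add(t[2])
    return s

def outbound_findings(config, proto="tcp"):
    """Report what stops `proto` sessions that enter on a nat-enabled interface."""
    s, findings = parse(config), []
    for ifc, nat_ids in sorted(s["nat"].items()):
        level = s["levels"].get(ifc, 0)
        lower = [name for name, lvl in s["levels"].items() if lvl < level]
        for nat_id in sorted(nat_ids - {"0"}):  # nat 0 is exemption, needs no global
            if not any(nat_id in s["global"].get(name, ()) for name in lower):
                findings.append(f"nat ({ifc}) {nat_id}: no global with id {nat_id}")
        acl = s["bound"].get(ifc)
        if acl is None:
            continue  # no ACL bound to this interface
        # First matching entry wins; only the protocol field is compared
        # (addresses and ports are ignored). No match means implicit deny.
        verdict = next((a for a, p in s["acls"].get(acl, []) if p in ("ip", proto)), "deny")
        if verdict == "deny":
            findings.append(f"access-group {acl} in interface {ifc}: {proto} denied")
    return findings

print("\n".join(outbound_findings(CONFIG)))
```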