PIX On site, late, tired, in the middle of a PIX setup. Two questions.

Discussion in 'Cisco' started by J Bard, Dec 11, 2003.

  1. J Bard

    J Bard Guest

    On site, late, tired, in the middle of a PIX setup. Two questions.

    My machine is 192.168.0.31, gateway is 216.41.77.138, the public IP in
    the T1.

    I have a console session into the PIX from another PC and telnet established
    to the PIX from my laptop.

    1) From the console, I can ping both the inside and outside of the PIX.
    From the laptop I can ping only the inside.

    2) What's the MINIMUM configuration necessary to get through the PIX to
    ping or browse the web?





    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet1 vlan2 logical
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif vlan2 DMZ security50
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd FRou7zzj.tp5/Po3 encrypted
    hostname xxxx

    domain-name xxxx

    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 219.42.77.XXX 255.255.255.252
    ip address inside 192.168.0.2 255.255.255.0
    ip address DMZ 192.168.2.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 192.168.0.31 255.255.255.255 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 219.42.77.XXX 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa authentication include http DMZ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 LOCAL
    http server enable
    http 192.168.0.31 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
     
    J Bard, Dec 11, 2003
    #1

  2. In article <>,
    J Bard <> wrote:
    :On site, late ,tired, in the middle of a pix setup.two questions.

    :1) from the console , I can ping both the inside and outside of PIX.
    :From the laptop I can ping only the inside .

    That's normal. You can only ping the 'closest' interface.

    :2) what's the MINIMUM configuration necessary to get through the PIX to
    :ping or browse the web ?

    Assign an IP address to both interfaces, then
    nat (inside) 1 0 0
    global (outside) 1 interface

    For pinging, you might also have to

    access-list out2in permit icmp any any echo-reply
    access-group out2in in interface outside
    --
    Perposterous!! Where would all the calculators go?!
     
    Walter Roberson, Dec 11, 2003
    #2
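Added example, not part of either post: a Python check that a PIX 6.x configuration contains the pieces the reply above names for outbound access (addresses on both interfaces, a `nat`/`global` pair sharing one id, an echo-reply permit for ping). It also flags two management settings visible in the posted configuration (`snmp-server community public`, `telnet 0.0.0.0 0.0.0.0 inside`). The names `audit`, `_captures` and `SAMPLE` are hypothetical, the sample addresses are constructed, and the default-route check is an assumption taken from the poster's own config rather than from the reply.

```python
import re

# Constructed sample config (documentation addresses, not the poster's values).
SAMPLE = """\
ip address outside 203.0.113.2 255.255.255.252
ip address inside 192.168.0.2 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
snmp-server community public
telnet 0.0.0.0 0.0.0.0 inside
"""

def _captures(pattern, lines):
    """First capture group of every line that matches pattern."""
    return {m.group(1) for l in lines if (m := re.match(pattern, l))}

def audit(config):
    """Return (missing, warnings) for outbound access through a PIX 6.x config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    addressed = _captures(r"ip address (\S+) ", lines)
    nat_ids = _captures(r"nat \(inside\) (\d+) ", lines) - {"0"}  # nat 0 = no translation
    global_ids = _captures(r"global \(outside\) (\d+) ", lines)
    outside_acls = _captures(r"access-group (\S+) in interface outside", lines)

    missing = [f"ip address {n}" for n in ("inside", "outside") if n not in addressed]
    if not nat_ids & global_ids:
        missing.append("nat (inside) / global (outside) pair sharing one id")
    if not _captures(r"(route outside (?:0|0\.0\.0\.0) (?:0|0\.0\.0\.0) )", lines):
        missing.append("default route on outside")

    warnings = []
    # PIX 6.x does not track ICMP statefully, so replies need an explicit permit.
    if not any(re.match(rf"access-list {re.escape(a)} permit icmp .*\becho-reply\b", l)
               for a in outside_acls for l in lines):
        warnings.append("ping: no outside ACL permits icmp echo-reply")
    if "snmp-server community public" in lines:
        warnings.append("SNMP community is the well-known string 'public'")
    if any(re.match(r"telnet (?:0|0\.0\.0\.0) (?:0|0\.0\.0\.0) ", l) for l in lines):
        warnings.append("telnet to the PIX is allowed from every host on that interface")
    return missing, warnings

if __name__ == "__main__":
    missing, warnings = audit(SAMPLE)
    print("missing:", missing)
    print("warnings:", warnings)
```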

  3. J Bard

    J Joyce Guest

    ah ... got it; to be tried tomorrow; home..

    An interesting situation; I was utterly direct with the client; to the
    point of thinking, for weeks, there was simply no way I would get this
    work; told him I had no prior experience with PIXes, was clear as to the
    complexity involved... I placed a limit on any amount to be charged, and have
    made it clear this is a learning process... went off and read, and was
    surprised by the call... I have been programming and installing LANs for
    15 years, and must have some professional sensibility, and in some way my
    honesty must have been oddly pleasant, but I have never taken a job in
    which I have been so technically at sea...

    Most of what I thought would work did (in no small part due to your help);
    and there were moments of real fun, but still a sense at times of having
    entered a morass...
    Again, many thanks -

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:br8jh4$5e4$...
    > In article <>,
    > J Bard <> wrote:
    > :On site, late ,tired, in the middle of a pix setup.two questions.
    >
    > :1) from the console , I can ping both the inside and outside of PIX.
    > :From the laptop I can ping only the inside .
    >
    > That's normal. You can only ping the 'closest' interface.
    >
    > :2) what's the MINIMUM configuration necessary to get through the PIX to
    > :ping or browse the web ?
    >
    > Assign an IP address to both interfaces, then
    > nat (inside) 1 0 0
    > global (outside) 1 interface
    >
    > For pinging, you might also have to
    >
    > access-list out2in permit icmp any any echo-reply
    > access-group out2in in interface outside
    > --
    > Perposterous!! Where would all the calculators go?!
     
    J Joyce, Dec 11, 2003
    #3
