PIX problem when using dhcp server

Discussion in 'Cisco' started by packets, Apr 9, 2008.

  1. packets

    I'm new to PIX. I have a client, and I'm the one tasked with configuring the PIX and sharing it over the private network. My problem is that I have a DHCP server and I don't use the DHCP features of the PIX firewall. When they connect to the Internet using DHCP, they cannot browse. But if they choose to set their IPs statically, they can access the Internet. Could it be a problem with the PIX firewall's configuration? Here is the config:
    PIX Version 7.1(2)
    !
    hostname pixfirewall
    domain-name default.domain.invalid
    enable password yUrbou1d1Dk5WwfZ encrypted
    names
    !
    interface Ethernet0
    nameif outside
    security-level 0
    ip address 209.85.23.x 255.255.255.240
    !
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 192.168.1.253 255.255.255.0
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    access-list outbound extended permit ip any any
    access-list outbound extended permit tcp any host 192.168.1.67 eq www
    access-list outbound extended permit tcp host 192.168.1.67 any eq www
    access-list 100 extended permit tcp any host 209.85.23.x eq www
    access-list 100 extended permit tcp any host 209.85.23.x eq www
    access-list 100 extended permit tcp any any eq www
    access-list 100 extended permit tcp host 209.85.23.x any eq www
    access-list 100 extended permit tcp any host 209.85.23.x eq lotusnotes
    access-list 100 extended permit tcp 209.85.20.0 255.255.255.0 host 202.84.23.226 eq telnet
    access-list 100 extended permit tcp any host 209.85.23.x eq ftp
    access-list 100 extended permit tcp any host 209.85.23.x eq www
    access-list 100 extended permit tcp any host 209.85.23.x eq 3013
    access-list 100 extended permit tcp any host 209.85.23.x eq 3013
    access-list 100 extended permit tcp any host 209.85.23.x eq 3013
    access-list 100 extended permit tcp any host 209.85.23.x eq 3013
    access-list 100 extended permit tcp any host 209.85.23.x eq 5800
    access-list 100 extended permit tcp any host 209.85.23.x eq 5900
    access-list 100 extended permit tcp any host 209.85.23.x eq 5800
    access-list 100 extended permit tcp any host 209.84.23.x eq 5900
    access-list 100 extended permit tcp any host 209.84.23.x eq ftp
    access-list 100 extended permit tcp any host 209.84.23.x eq www
    access-list 100 extended permit tcp any host 209.84.23.x eq www
    access-list 100 extended deny icmp any host 209.84.23.226
    access-list inbound extended permit tcp any host 209.84.23.231 eq www
    access-list inbound extended permit tcp any host 209.84.23.230 eq www
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    no failover
    asdm image flash:/asdm
    no asdm history enable
    arp timeout 14400
    global (outside) 1 209.84.23.227-209.84.23.237
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 209.84.23.x 192.168.1.67 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.12 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.13 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.58 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.74 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.22 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.78 netmask 255.255.255.255
    static (inside,outside) 209.84.23.x 192.168.1.1 netmask 255.255.255.255
    access-group 100 in interface outside
    access-group outbound in interface inside
    route outside 0.0.0.0 0.0.0.0 209.84.23.214 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    username eastern password 4FsAsQ9qHIX/yaV/ encrypted
    username worldvision password FZIm6HFr1iuxwOIv encrypted
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet 192.168.1.10 255.255.255.255 inside
    telnet timeout 15
    ssh timeout 5
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 50
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    Cryptochecksum:84b5f7ba0b9c691e57f1d62f5547fdaa
    : end
     
    Last edited: Apr 9, 2008
    packets, Apr 9, 2008
    #1

  2. packets

    I have tried nat (inside) 1 192.168.1.0 255.255.255.0, but it is still the same.

    Does it have a bearing?
     
    packets, Apr 9, 2008
    #2