Problem getting connectivity between pix501 cisco2600

Discussion in 'Cisco' started by Christopher_Klein, Aug 23, 2006.

  1. Christopher_Klein

    Greetings,

    I'm trying to move a working config that is INET->Cisco2500->PIX501->Lan over to a Cisco 2600 (hardware upgrade, yea!). I inherited this, so I'm not 100% sure of everything.

    I basically have the identical config that is on the 2500 running on the 2600, with allowances for IOS changes, but I simply cannot get connectivity to the outside world via the lan.

    I must be missing something obvious and I was wondering if anyone saw anything glaringly wrong with my config and could maybe offer suggestions (bare bones config comes to mind).

    Code:
    sho conf
    Using 6463 out of 29688 bytes
    !
    ! Last configuration change at 09:26:46 est Wed Aug 23 2006
    ! NVRAM config last updated at 09:26:48 est Wed Aug 23 2006
    !
    version 12.0
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    !
    hostname gateway
    !
    logging buffered 16000 informational
    logging console notifications
    aaa new-model
    
    ip subnet-zero
    no ip source-route
    no ip finger
    ip tcp synwait-time 5
    no ip bootp server
    ip domain-name fubar.com
    ip name-server 209.x.y.z
    ip name-server 209.x.y.z
    clock timezone EST -5
    clock summer-time est recurring
    !
    !
    !
    interface Loopback0
     description Main loopback interface
     ip address 10.0.0.7 255.255.255.255
     no ip directed-broadcast
    !
    interface Ethernet0/0
     description LAN
     ip address 66.x.y.65 255.255.255.240 secondary
     ip address 66.x.y.34 255.255.255.252
     no ip redirects
     no ip unreachables
     no ip directed-broadcast
     no ip proxy-arp
     ip nat inside
     no cdp enable
    !
    interface Serial0/0
     description Link to ISP
     no ip address
     no ip directed-broadcast
     encapsulation frame-relay
     no ip route-cache
     no ip mroute-cache
     logging event subif-link-status
     logging event dlci-status-change
     frame-relay lmi-type ansi
    !
    interface Serial0/1
     description T1 DSU
     bandwidth 1544
     no ip address
     no ip directed-broadcast
     encapsulation frame-relay IETF
     no ip route-cache
     no ip mroute-cache
     logging event subif-link-status
     logging event dlci-status-change
     frame-relay lmi-type ansi
    !
    interface Serial0/1.600 point-to-point
     description DLCI 600
     bandwidth 1544
     ip address 66.x.y.250 255.255.255.252
     ip access-group 101 in
     ip access-group 122 out
     no ip directed-broadcast
     no ip route-cache
     no ip mroute-cache
     no cdp enable
     frame-relay interface-dlci 600   
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/1.600
    !
    logging facility local6
    logging source-interface Loopback0
    logging 10.0.100.2
    access-list 1 permit 10.0.0.0 0.255.255.255
    access-list 90 deny   any log
    access-list 101 deny   tcp 61.0.0.0 0.255.255.255 any
    access-list 101 deny   tcp 69.0.0.0 0.255.255.255 any
    access-list 101 deny   tcp 24.0.0.0 0.255.255.255 any
    access-list 101 permit tcp any 66.x.y.0 0.0.0.255 gt 1023 established
    access-list 101 deny   ip 66.x.y.0 0.0.0.255 any log
    access-list 101 deny   ip host 66.x.y.34 host 66.x.y.34 log
    access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log
    access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log
    access-list 101 deny   ip 0.0.0.0 0.255.255.255 any log
    access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log
    access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log
    access-list 101 deny   ip 192.0.2.0 0.0.0.255 any log
    access-list 101 deny   ip 169.254.0.0 0.0.255.255 any log
    access-list 101 deny   ip 224.0.0.0 15.255.255.255 any log
    access-list 101 deny   ip any host 66.x.y.255 log
    access-list 101 deny   ip any host 66.x.y.0 log
    access-list 101 deny   icmp any any echo log
    access-list 101 deny   icmp any any redirect log
    access-list 101 deny   icmp any any mask-request log
    access-list 101 permit icmp any 66.x.y.0 0.0.0.255
    access-list 101 deny   tcp any any range 6000 6063 log
    access-list 101 deny   tcp any any eq 6667 log
    access-list 101 deny   tcp any any range 12345 12346 log
    access-list 101 deny   tcp any any eq 31337 log
    access-list 101 permit tcp any eq ftp-data 66.x.y.0 0.0.0.255 gt 1023
    access-list 101 deny   udp any any eq 2049 log
    access-list 101 deny   udp any any eq 31337 log
    access-list 101 deny   udp any any range 33400 34400 log
    access-list 101 permit udp any eq domain 66.x.y.0 0.0.0.255
    access-list 101 permit udp any eq ntp 66.x.y.0 0.0.0.255 gt 1023
    access-list 101 permit tcp any any eq smtp log
    access-list 101 permit tcp any any eq 8080 log
    access-list 101 permit udp any any eq ntp
    access-list 101 deny   tcp any range 0 65535 any range 0 65535 log
    access-list 101 deny   udp any range 0 65535 any range 0 65535 log
    access-list 101 deny   ip any any log
    access-list 122 permit ip any any
    no cdp run
    rmon alarm 1 ifEntry.13.1 30 delta rising-threshold 40 1 falling-threshold 0 owner rscg
    banner login ^C
    Unauthorized Access prohibited.  Access Logged. ^C
    banner motd 
    ^C
    privilege exec level 15 connect
    privilege exec level 15 telnet
    privilege exec level 15 rlogin
    privilege exec level 15 show ip access-lists
    privilege exec level 1 show ip
    privilege exec level 15 show access-lists
    privilege exec level 15 show logging
    privilege exec level 1 show
    !
    end
    
    gateway#
    
    The 2600 can see the outside world and the pix, the pix can see the 2600 and the inside lan, so I'm just stumped and have been staring at this too long.

    Thanks in advance,

    Chris