506e wont resolve DNS names

Discussion in 'Cisco' started by Sabrtooth, Mar 23, 2008.

  1. Sabrtooth


    Mar 23, 2008
    Likes Received:
    Hey guys, I'm trying to break my way into the Cisco world here, and this is simply my attempt at figuring out a pix interface.

    I have the system all nice and setup, but low and behold, for some reason I can NOT get my PIX 506e to forward DNS. My computer can ping I.P. but not by dns name. nslookup times out on all lookups.

    My DNS servers are all external. I can PING but not www.google.com.

    I'm really excited to get this working, so I'm hoping you all can point me in a good direction. Config is posted below.

    Thanks for all help!

    : Written by enable_15 at 22:48:23.125 UTC Fri Mar 21 2008
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 0*** encrypted
    passwd 0588woX*** encrypted
    hostname nspgateway
    domain-name northshorepractices.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol icmp error
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    object-group icmp-type icmp-grp
    description ICMP Types allowed into the PIX
    icmp-object echo-reply
    icmp-object unreachable
    icmp-object time-exceeded
    access-list inside_access_in permit ip any any
    access-list outside_in permit icmp any any object-group icmp-grp
    access-list outside_in deny ip any
    access-list outside_in deny icmp any
    access-list inside_in permit ip any
    access-list inside_in permit icmp any
    access-list inside_in deny ip any any
    access-list inbound permit tcp any interface outside eq 3389
    pager lines 24
    logging timestamp
    mtu outside 1500
    mtu inside 1500
    ip address outside dhcp setroute retry 4
    ip address inside
    ip audit info action alarm
    ip audit attack action alarm
    pdm location inside
    pdm location inside
    pdm location inside
    pdm location inside
    pdm location outside
    pdm location inside
    pdm location 71.***.***.*** outside
    pdm location outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 dns 0 0
    nat (inside) 1 dns 0 0
    access-group outside_in in interface outside
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http inside
    http inside
    http inside
    http inside
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh outside
    ssh inside
    ssh inside
    ssh inside
    ssh inside
    ssh timeout 5
    console timeout 0
    dhcpd address inside
    dhcpd dns
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside
    username fun password ***** encrypted privilege 15
    terminal width 80
    Last edited: Mar 24, 2008
    Sabrtooth, Mar 23, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.