Basic PIX and Router config help

Discussion in 'Cisco' started by SteveBosell, Sep 16, 2007.

  1. SteveBosell

    SteveBosell Guest

    I have a simple setup

    Internet---DSLmodem---PIX----router

    My problem is that the router cannot access the Internet through the PIX. If I set up a host on the same network as the internal interface of the PIX (and router) and set its default gateway to the PIX, it can access the Internet just fine. The router's default gateway is the PIX, and it can ping the PIX. I am pulling my hair out; any help would be appreciated.

    Here are the configs:

    Router config

    Current configuration : 1239 bytes
    !
    ! Review notes: IOS 12.4 router "r1". It trunks two VLANs on FastEthernet0/0 (subinterfaces .2 and .3),
    ! has a third LAN on FastEthernet0/1, and points its default route at 192.168.1.5 (the PIX inside address
    ! in the second config). This was posted publicly with credentials included; treat every password and
    ! hash below as exposed and replace it.
    version 12.4
    ! Timestamps are disabled for both debug and log messages, which makes later event correlation hard;
    ! "service timestamps log datetime msec" is the usual choice for anything kept as evidence.
    no service timestamps debug uptime
    no service timestamps log uptime
    ! password-encryption only applies the reversible type 7 encoding to stored passwords; it is not a hash.
    service password-encryption
    !
    hostname r1
    !
    boot-start-marker
    boot-end-marker
    !
    ! "enable secret" (type 5, salted MD5) takes precedence over "enable password" when both are set.
    ! The type 7 "enable password" line is therefore unused and only leaves a recoverable password in the
    ! config; removing it with "no enable password" is the usual cleanup.
    enable secret 5 $1$WZtG$6Gfm80YfKQLNHCppUB1
    enable password 7 120A15131F18
    !
    ! No AAA: logins rely on the line passwords below, with no per-user accounts or accounting.
    no aaa new-model
    !
    resource policy
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    !
    !
    !
    !
    ! Physical trunk port; addressing lives on the dot1Q subinterfaces below.
    interface FastEthernet0/0
    no ip address
    speed auto
    full-duplex
    fair-queue
    no cdp enable
    no mop enabled
    !
    ! VLAN 2 (native, untagged): 192.168.1.0/24, the same subnet as the PIX inside interface.
    interface FastEthernet0/0.2
    encapsulation dot1Q 2 native
    ip address 192.168.1.2 255.255.255.0
    no snmp trap link-status
    !
    ! VLAN 3: 192.168.2.0/24.
    interface FastEthernet0/0.3
    encapsulation dot1Q 3
    ip address 192.168.2.2 255.255.255.0
    no snmp trap link-status
    !
    ! Third routed LAN: 192.168.0.0/24.
    interface FastEthernet0/1
    ip address 192.168.0.2 255.255.255.0
    duplex auto
    speed auto
    no cdp enable
    !
    ! "ip default-gateway" is only consulted when IP routing is disabled. With routing enabled, as "ip cef"
    ! and the static route suggest, the 0.0.0.0/0 route below is what forwards traffic to the PIX.
    ip default-gateway 192.168.1.5
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.1.5
    !
    !
    ! The web management interface is enabled over plain HTTP and the HTTPS server is off, so any
    ! credentials sent to it cross the LAN in cleartext. No "ip http access-class" restriction is shown.
    ip http server
    no ip http secure-server
    !
    ! Default, widely known community string with no ACL attached; read-only SNMP still discloses the
    ! interface, routing and ARP tables. Change the string and bind it to an ACL of management hosts.
    snmp-server community public RO
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    ! exec-timeout 0 0 disables the idle timeout, so an abandoned console session stays logged in.
    line con 0
    exec-timeout 0 0
    line aux 0
    ! VTY access uses a single shared type 7 password. No "transport input" or "access-class" is shown,
    ! so Telnet from any reachable source is presumably accepted -- confirm, and prefer SSH plus an ACL.
    line vty 0 4
    password 7 14040619003E
    login
    !
    no process cpu extended
    no process cpu autoprofile hog
    end


    ----------------------------------------------------------------------------------------------------------------------------
    : Review notes (PIX treats lines starting with ":" as comments): PIX 6.3(5) with a PPPoE outside
    : interface, PAT for inside hosts, port forwards to 192.168.1.99 and 192.168.1.105, and a remote-access
    : VPN group. The paste includes password hashes; treat the enable/passwd values as exposed and change them.
    PIX Version 6.3(5)
    interface ethernet0 10full
    interface ethernet1 10full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password yHJEhTyJXEDD.A encrypted
    passwd yHJEhTyJX51E.A encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    : ACL applied inbound on the outside interface (see the access-group line further down).
    : Every entry is "any any"; exposure is limited only by which ports have a matching static below.
    : Mismatches visible in this paste: udp 6881 and udp 6871 have statics but no permit here, and
    : udp 16384-16386 are permitted here but have no static. SSH to 192.168.1.99 is open to any source;
    : restricting the source address on that entry would narrow the exposure.
    : There is no ICMP entry, so echo replies returning on outside would not be permitted -- relevant
    : if the router test described in the post was a ping (confirm what traffic was tested).
    access-list inbound permit tcp any any eq www
    access-list inbound permit tcp any any eq 16080
    access-list inbound permit tcp any any eq ssh
    access-list inbound permit tcp any any eq 6881
    access-list inbound permit tcp any any eq 6871
    access-list inbound permit udp any any eq 5060
    access-list inbound permit udp any any eq 5190
    access-list inbound permit udp any any eq 5297
    access-list inbound permit udp any any eq 5298
    access-list inbound permit udp any any eq 5353
    access-list inbound permit udp any any eq 5678
    access-list inbound permit udp any any eq 16384
    access-list inbound permit udp any any eq 16385
    access-list inbound permit udp any any eq 16386
    : VPN-related ACLs: split-tunnel list, NAT exemption towards 192.168.1.192/27, and the dynamic crypto map match.
    access-list romanna_splitTunnelAcl permit ip 192.168.0.0 255.255.0.0 any
    access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.0.0 192.168.1.192 255.255.255.224
    access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.192 255.255.255.224
    pager lines 24
    : Syslog severity is set to debugging, but no "logging host" is shown, so as pasted nothing is
    : exported off the box; only the local buffer (notifications level) holds events.
    logging on
    logging buffered notifications
    logging trap debugging
    mtu outside 1500
    mtu inside 1500
    : Outside address and default route come from the PPPoE session (setroute).
    ip address outside pppoe setroute
    ip address inside 192.168.1.5 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    : The VPN client pool sits inside the 192.168.1.0/24 inside subnet (covered by the /27 in the nat0 ACL above).
    ip local pool vpnips 192.168.1.200-192.168.1.210
    pdm location 192.168.1.99 255.255.255.255 inside
    pdm location 192.168.0.0 255.255.0.0 inside
    pdm location 192.168.10.0 255.255.255.0 inside
    pdm location 192.168.1.105 255.255.255.255 inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    : PAT: all inside sources (0.0.0.0/0) are translated to the outside interface address, except
    : traffic matching the nat0 ACL, which is exempt from translation.
    global (outside) 1 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    : Port forwards from the outside interface address to two inside hosts. Each one is reachable from
    : the Internet only where the "inbound" ACL also permits the same protocol and port.
    static (inside,outside) tcp interface www 192.168.1.99 www netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 16080 192.168.1.99 16080 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface ssh 192.168.1.99 ssh netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 6881 192.168.1.105 6881 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 6881 192.168.1.105 6881 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 6871 192.168.1.105 6871 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 6871 192.168.1.105 6871 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 5060 192.168.1.105 5060 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 5190 192.168.1.105 5190 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 5297 192.168.1.105 5297 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 5298 192.168.1.105 5298 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 5353 192.168.1.105 5353 netmask 255.255.255.255 0 0
    static (inside,outside) udp interface 5678 192.168.1.105 5678 netmask 255.255.255.255 0 0
    access-group inbound in interface outside
    : An OSPF process is defined but no "network" statements appear in this paste.
    router ospf 100
    log-adj-changes
    : The only inside route is 192.168.10.0/24 via 192.168.1.1. No route is shown for 192.168.0.0/24 or
    : 192.168.2.0/24 behind the router at 192.168.1.2, so return traffic for hosts on those networks
    : would have no path back unless OSPF supplies one -- confirm.
    route inside 192.168.10.0 255.255.255.0 192.168.1.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    : PDM (web management) is enabled and allowed from the whole 192.168.0.0/16 range on inside;
    : narrowing this to the management host(s) reduces who can reach the login page.
    http server enable
    http 192.168.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    : Default community string; change it if SNMP is actually used. No "snmp-server host" is shown.
    snmp-server community public
    snmp-server enable traps
    floodguard enable
    : These sysopt lines let decrypted IPsec and L2TP traffic bypass the interface ACLs.
    sysopt connection permit-ipsec
    sysopt connection permit-l2tp
    : Remote-access VPN: both the IPsec transform set and ISAKMP policy 20 use DES with MD5, which are
    : considered weak. 3DES or AES with SHA are the stronger options where the unit's encryption
    : license allows -- check "show version" for the licensed features.
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    : Extended authentication is checked against the LOCAL user database; no "username" lines are
    : visible in this paste, so confirm that accounts exist.
    crypto map outside_map client authentication LOCAL
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp nat-traversal 20
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup romanna address-pool vpnips
    vpngroup romanna dns-server 192.168.1.99 4.2.2.4
    vpngroup romanna default-domain rc.net
    : The split-tunnel line names "rc_splitTunnelAcl", but the ACL defined above is
    : "romanna_splitTunnelAcl" -- possibly a side effect of the poster renaming things; verify on the device.
    vpngroup romanna split-tunnel rc_splitTunnelAcl
    vpngroup romanna idle-time 1800
    vpngroup romanna password ********
    : Telnet management is allowed from all of 192.168.0.0/16 on inside and is cleartext. An SSH timeout
    : is set, but no "ssh <address> <mask> <interface>" line is shown, so SSH management appears not to
    : be permitted from anywhere as pasted.
    telnet 192.168.0.0 255.255.0.0 inside
    telnet timeout 5
    ssh timeout 5
    : console timeout 0 disables the console idle timeout.
    console timeout 0
    : PPPoE dial-out to the ISP authenticates with PAP, which sends the ISP credentials unencrypted
    : on the PPPoE link.
    vpdn group ISP request dialout pppoe
    vpdn group ISP localname rc
    vpdn group ISP ppp authentication pap
    : PPTP group settings; no "vpdn enable outside" line is shown, so whether PPTP is actually
    : accepted cannot be told from this paste.
    vpdn group vpngroup client configuration address local vpnips
    vpdn group vpngroup pptp echo 60
    vpdn group vpngroup client authentication local
    vpdn username rc password *********
    vpdn username rc password *********
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
     
    SteveBosell, Sep 16, 2007
    #1