PIX 515: Factory default has stopped the PIX working

Discussion in 'Cisco' started by Gary, Dec 17, 2005.

  1. Gary

    Gary Guest

    I reset a PIX 515 back to default factory settings, previously I had used
    ASDM to connect.

    However now I cannot connect via ASDM or ping the PIX. Both of which I
    previously had been able to do prior to resettig to factory default
    settings.

    I enabled ICMP to try pinging but to no avail.

    My config is as shown below, could anyone see why I cannot connect?

    PIX Version 7.0(1)
    names
    !
    interface Ethernet0
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address dhcp setroute
    !
    interface Ethernet1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pixfirewall
    ftp mode passive
    access-list acl_out extended permit icmp any any
    pager lines 24
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    no failover
    monitor-interface outside
    monitor-interface inside
    asdm image flash:/asdm-501.bin
    no asdm history enable
    arp timeout 14400
    access-group acl_out in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 inside
    dhcpd lease 3600
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp

    Thanks
     
    Gary, Dec 17, 2005
    #1
    1. Advertisements

  2. Did you generate a new CA ? Factory default would reset the
    hostname and ssh / ssl access depends upon the key matching properly.
    There were a number of bugs fixed after 7.0(1).

    I notice your configuration has no 'icmp' command, but the default
    is to permit ping, so that shouldn't be the answer, in theory.
     
    Walter Roberson, Dec 17, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.