[c-nsp] Pix DSL problem

Josh Duffek consultantjd16 at ridemetro.org
Wed Oct 20 11:57:00 EDT 2004


Try this:

Config t
access-list f00 permit icmp any any
access-group f00 in interface outside
end
wr


josh duffek    network engineer
consultantjd16 at ridemetro.org
desk:              713-739-4849
mobile:            713-291-2365

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Baker Gareth
> Sent: Wednesday, October 20, 2004 10:35 AM
> To: 'cisco-nsp at puck.nether.net'
> Subject: RE: [c-nsp] Pix DSL problem
> 
> Josh, I tried the out of the box config, thus:
> 
> PIX Version 6.3(3)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password [removed] encrypted
> passwd [removed] encrypted
> hostname pixfirewall
> fixup protocol dns maximum-length 512
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol tftp 69
> names
> pager lines 24
> mtu outside 1500
> mtu inside 1500
> ip address outside dhcp setroute
> ip address inside 192.168.1.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> timeout xlate 0:05:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> http server enable
> http 192.168.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> dhcpd address 192.168.1.2-192.168.1.33 inside
> dhcpd lease 3600
> dhcpd ping_timeout 750
> dhcpd auto_config outside
> dhcpd enable inside
> terminal width 80
> 
> 
> -----Original Message-----
> From: Josh Duffek [mailto:consultantjd16 at ridemetro.org]
> Sent: 20 October 2004 16:07
> To: Baker Gareth; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Pix DSL problem
> 
> 
> Need to see the config.
> 
> josh duffek    network engineer
> consultantjd16 at ridemetro.org
> desk:              713-739-4849
> mobile:            713-291-2365
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Baker Gareth
> > Sent: Wednesday, October 20, 2004 9:49 AM
> > To: 'cisco-nsp at puck.nether.net'
> > Subject: [c-nsp] Pix DSL problem
> >
> > Hi
> >
> > I'm having problems getting a Pix 501 to work over DSL.
> >
> > I'm using a Dlink DSL 300T Adsl Modem connected to the Pix's outside
> > interface. The DSL connection is using Dynamic IP allocation and the PIX
> > is setup to use 'outside interface dhcp setroute'.
> >
> > The 501 comes pre-configured to work in this setup. I see it get an IP
> > address and a 'show route' reveals that it successfully receives an IP and
> > the default route is the outside interface. But no traffic gets to the
> > outside interface (I did a debug packet outside and never saw any traffic
> > from an internal PC)
> >
> > If I manually configure the dynamic IP to the outside interface & give a
> > default route as listed in the log on the DSL modem it works fine. The
> > problem seems to be related to the Gateway and the way this is passed via
> > DHCP.
> >
> > I've done a bit of digging and this seems to be an accepted practise using
> > a Pix 501 with DHCP on the outside through DSL modem.
> >
> > Anyone any ideas?
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/