[c-nsp] PIX515 don't want to allocate ip address on interface.
Michael K. Smith
mksmith at adhost.com
Thu Aug 3 17:10:10 EDT 2006
Hello:
On 8/3/06 11:59 AM, "Nikolay Pavlov" <quetzal at zone3000.net> wrote:
> Hi, guys. I want to define ip address on both outside and inside
> interfaces of my PIX515. I am not familiar with PIX's and smash my head
> trying to understand why i can't neither ping gateway from it nor connect to
> it:
>
> cspix515-fw1-NY# sh ip address
> System IP Addresses:
> Interface Name IP address Subnet
> mask Method
> Ethernet0 outside x.x.57.54 255.255.255.192
> CONFIG
> Ethernet1 inside 192.168.1.1 255.255.255.0
> CONFIG
> Current IP Addresses:
> Interface Name IP address Subnet mask
> Method
>
> !
> interface Ethernet0
> nameif outside
> security-level 0
> ip address x.x.57.54 255.255.255.192
> !
> interface Ethernet1
> nameif inside
> security-level 100
> ip address 192.168.1.1 255.255.255.0
> !
> route outside 0.0.0.0 0.0.0.0 x.x.57.1 1
>
> access-list 100 extended permit icmp any any echo
> access-list 100 extended permit icmp any any echo-reply
> access-list 100 extended permit tcp any any range ssh telnet
>
> access-group 100 in interface outside
>
I think a little more information is required. How about:
1) sho interface ethernet0
2) sho interface ethernet1
3) sho arp
4) What is the syntax for the ping command you are using?
5) Have you done the necessary steps to create ssh keys, including adding
your domain name and then generating the key?
Regards,
Mike
More information about the cisco-nsp
mailing list