[c-nsp] PIX515 don't want to allocate ip address on interface.
Michael K. Smith
mksmith at adhost.com
Fri Aug 4 16:39:08 EDT 2006
Hello Nikolay:
On 8/4/06 11:46 AM, "Nikolay Pavlov" <quetzal at zone3000.net> wrote:
> On Thursday, 3 August 2006 at 14:10:10 -0700, Michael K. Smith wrote:
>> Hello:
>>
>>
>>
>> I think a little more information is required. How about:
>>
>> 1) sho interface ethernet0
>> 2) sho interface ethernet1
>> 3) sho arp
>> 4) What is the syntax for the ping command you are using?
>> 5) Have you done the necessary steps to create ssh keys, including adding
>> your domain name and then generating the key?
>>
>> Regards,
>>
>> Mike
>
> Ok... Here is additional information:
>
> cspix515-fw1-NY# sh interface ethernet 0
> Interface Ethernet0 "outside", is up, line protocol is up
> Hardware is i82559, BW 100 Mbps
> Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
> MAC address 0003.e300.0e6c, MTU 1500
> IP address unassigned
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 3647 packets input, 220501 bytes, 0 no buffer
> Received 3649 broadcasts, 0 runts, 0 giants
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> 0 L2 decode drops
> 0 packets output, 0 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 babbles, 0 late collisions, 0 deferred
> 0 lost carrier, 0 no carrier
> input queue (curr/max blocks): hardware (128/128) software (0/93)
> output queue (curr/max blocks): hardware (0/0) software (0/0)
> Traffic Statistics for "outside":
> 3547 packets input, 164723 bytes
> 0 packets output, 0 bytes
> 20 packets dropped
>
> x515-fw1-NY# sh interface ethernet 1
> Interface Ethernet1 "inside", is up, line protocol is up
> Hardware is i82559, BW 100 Mbps
> Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
> MAC address 0003.e300.0e6d, MTU 1500
> IP address unassigned
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 8853 packets input, 531180 bytes, 0 no buffer
> Received 8853 broadcasts, 0 runts, 0 giants
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> 0 L2 decode drops
> 0 packets output, 0 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 babbles, 0 late collisions, 0 deferred
> 0 lost carrier, 0 no carrier
> input queue (curr/max blocks): hardware (128/128) software (0/97)
> output queue (curr/max blocks): hardware (0/0) software (0/0)
> Traffic Statistics for "inside":
> 8747 packets input, 402362 bytes
> 0 packets output, 0 bytes
> 0 packets dropped
>
> cspix515-fw1-NY# sh arp
> empty ...
>
> Don't worry about ssh, i know the procedure...
>
> Here is once again "sh ip address" command:
>
> cspix515-fw1-NY# sh ip address
> System IP Addresses:
> Interface Name IP address Subnet
> mask Method
> Ethernet0 outside xx.xx.57.54 255.255.255.192
> CONFIG
> Ethernet1 inside 192.168.1.1 255.255.255.0
> CONFIG
> Current IP Addresses:
> Interface Name IP address Subnet mask
> Method
>
> Here all is empty...
>
> To prevent your next questions guys here goes my config:
>
> ======================================================================
>
> cspix515-fw1-NY# sh run
> : Saved
> :
> PIX Version 7.1(2)
> !
> hostname cspix515-fw1-NY
> domain-name MY.TLD
> enable password HIDE encrypted
> names
> !
> interface Ethernet0
> nameif outside
> security-level 0
> ip address xx.xx.57.54 255.255.255.192
> !
> interface Ethernet1
> nameif inside
> security-level 100
> ip address 192.168.1.1 255.255.255.0
> !
> passwd HIDE encrypted
> boot system flash:/pix712.bin
> ftp mode passive
> clock timezone ET -5
> clock summer-time EST recurring
> dns domain-lookup outside
> dns server-group DefaultDNS
> name-server xx.xx.60.10
> domain-name MY.TLD
> access-list 100 extended permit icmp any any echo
> access-list 100 extended permit icmp any any echo-reply
> access-list 100 extended permit tcp any any range ssh telnet
Okay, I'm stumped. Have you done the usual shut/no-shut on the interfaces
and perhaps rebooted the PIX? That configuration looks perfect and *should*
work as far as I know.
Mike
More information about the cisco-nsp
mailing list