[c-nsp] PIX515 don't want to allocate ip address on interface.

Michael K. Smith mksmith at adhost.com
Fri Aug 4 16:39:08 EDT 2006


Hello Nikolay:


On 8/4/06 11:46 AM, "Nikolay Pavlov" <quetzal at zone3000.net> wrote:

> On Thursday,  3 August 2006 at 14:10:10 -0700, Michael K. Smith wrote:
>> Hello:
>> 
>> 
>> 
>> I think a little more information is required.  How about:
>> 
>> 1) sho interface ethernet0
>> 2) sho interface ethernet1
>> 3) sho arp
>> 4) What is the syntax for the ping command you are using?
>> 5) Have you done the necessary steps to create ssh keys, including adding
>> your domain name and then generating the key?
>> 
>> Regards,
>> 
>> Mike
> 
> Ok... Here is additional information:
> 
> cspix515-fw1-NY# sh interface ethernet 0
> Interface Ethernet0 "outside", is up, line protocol is up
>   Hardware is i82559, BW 100 Mbps
>         Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
>         MAC address 0003.e300.0e6c, MTU 1500
>         IP address unassigned
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>         3647 packets input, 220501 bytes, 0 no buffer
>         Received 3649 broadcasts, 0 runts, 0 giants
>         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>         0 L2 decode drops
>         0 packets output, 0 bytes, 0 underruns
>         0 output errors, 0 collisions, 0 interface resets
>         0 babbles, 0 late collisions, 0 deferred
>         0 lost carrier, 0 no carrier
>         input queue (curr/max blocks): hardware (128/128) software (0/93)
>         output queue (curr/max blocks): hardware (0/0) software (0/0)
>   Traffic Statistics for "outside":
>         3547 packets input, 164723 bytes
>         0 packets output, 0 bytes
>         20 packets dropped
> 
> x515-fw1-NY# sh interface ethernet 1
> Interface Ethernet1 "inside", is up, line protocol is up
>   Hardware is i82559, BW 100 Mbps
>         Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
>         MAC address 0003.e300.0e6d, MTU 1500
>         IP address unassigned
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>         8853 packets input, 531180 bytes, 0 no buffer
>         Received 8853 broadcasts, 0 runts, 0 giants
>         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>         0 L2 decode drops
>         0 packets output, 0 bytes, 0 underruns
>         0 output errors, 0 collisions, 0 interface resets
>         0 babbles, 0 late collisions, 0 deferred
>         0 lost carrier, 0 no carrier
>         input queue (curr/max blocks): hardware (128/128) software (0/97)
>         output queue (curr/max blocks): hardware (0/0) software (0/0)
>   Traffic Statistics for "inside":
>         8747 packets input, 402362 bytes
>         0 packets output, 0 bytes
>         0 packets dropped
> 
> cspix515-fw1-NY# sh arp
> empty ... 
> 
> Don't worry about ssh, i know the procedure...
> 
> Here is once again "sh ip address" command:
> 
> cspix515-fw1-NY# sh ip address
> System IP Addresses:
> Interface                Name                   IP address      Subnet
> mask     Method
> Ethernet0                outside                xx.xx.57.54 255.255.255.192
> CONFIG
> Ethernet1                inside                 192.168.1.1 255.255.255.0
> CONFIG
> Current IP Addresses:
> Interface                Name                   IP address      Subnet mask
> Method
> 
> Here all is empty...
> 
> To prevent your next questions guys here goes my config:
> 
> ======================================================================
> 
> cspix515-fw1-NY# sh run
> : Saved
> :
> PIX Version 7.1(2)
> !
> hostname cspix515-fw1-NY
> domain-name MY.TLD
> enable password HIDE encrypted
> names
> !
> interface Ethernet0
>  nameif outside
>  security-level 0
>  ip address xx.xx.57.54 255.255.255.192
> !
> interface Ethernet1
>  nameif inside
>  security-level 100
>  ip address 192.168.1.1 255.255.255.0
> !
> passwd HIDE encrypted
> boot system flash:/pix712.bin
> ftp mode passive
> clock timezone ET -5
> clock summer-time EST recurring
> dns domain-lookup outside
> dns server-group DefaultDNS
>  name-server xx.xx.60.10
>  domain-name MY.TLD
> access-list 100 extended permit icmp any any echo
> access-list 100 extended permit icmp any any echo-reply
> access-list 100 extended permit tcp any any range ssh telnet


Okay, I'm stumped.  Have you done the usual shut/no-shut on the interfaces
and perhaps rebooted the PIX?  That configuration looks perfect and *should*
work as far as I know.

Mike



More information about the cisco-nsp mailing list