 drpain
join:2008-02-08
2 edits | [Config] Cisco PIX 515 Help
Mod note: Post moved from this thread: »[Config] Cisco PIX 515 Help
Re: [Config] Cisco PIX 515 Help
I also have the same issue, and am sure I have the right configuration, but my NAT is not working. Below is my configuration:
User Access Verification

Password:
Type help or '?' for a list of available commands.
ke-sip-pix2> en
Password:
ke-sip-pix2# sh run
: Saved
:
PIX Version 7.2(2)
!
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 196.1.26.36 255.255.255.224
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone eat 3
dns server-group DefaultDNS
 domain-name kencall.com
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.10.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 196.1.26.36 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.10.0 255.255.255.0 inside
telnet 192.168.0.0 255.255.254.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:243dc0760145733b6d337b635e58d93e
This is the output of sh nat
NAT policies on Interface outside:
  match ip outside host 196.1.26.48 outside any
    dynamic translation to pool 1 (196.1.26.36 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
NAT policies on Interface inside:
  match ip inside 192.168.10.0 255.255.255.0 outside any
    dynamic translation to pool 1 (196.1.26.36 [Interface PAT])
    translate_hits = 118, untranslate_hits = 12
  match ip inside 192.168.10.0 255.255.255.0 inside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
 aryoba Premium,MVM join:2002-08-22
In your case, there are routing problems in addition to a potential NAT issue. As a start, is there a reason why you have the default gateway pointing to the Outside interface IP address?
 drpain
join:2008-02-08
reply to drpain
Thanks for the response. What I want to achieve is to connect to the internet, and that is why I have my default gateway pointing to the outside interface IP address. Please let me know the routing problem and NAT issues that are there. I believe the configuration that I have should allow me to access the internet from my LAN (inside). I have tried to figure out where I am wrong for the past week.
 elnino
join:2006-08-27 Akron, OH
Your default gateway address (aka next hop) is set to 196.1.26.36, which is the same as your outside interface. The default gateway should be changed to your ISP's router address so it knows where to send all your traffic. I'm guessing it should be 196.1.26.33.
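A check for the misconfiguration described in the last reply, as an added example that is not part of the original thread: it reads interface addresses and static routes from a PIX-style configuration and flags a route whose next hop is the firewall's own interface address or lies outside that interface's subnet. The sample input is an excerpt of the configuration posted above; the function names are illustrative.

```python
import ipaddress
import re

# Excerpt of the configuration posted in this thread (interface and route lines only).
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 196.1.26.36 255.255.255.224
!
interface Ethernet1
 nameif inside
 ip address 192.168.10.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 196.1.26.36 1
"""

def parse_interfaces(config):
    """Map each nameif to its ip_interface (address plus mask)."""
    interfaces, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None                      # new stanza, nameif not seen yet
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("ip address ") and name:
            _, _, addr, mask = line.split()[:4]
            interfaces[name] = ipaddress.ip_interface(f"{addr}/{mask}")
    return interfaces

def check_routes(config):
    """Return (nameif, next_hop, problem) for each suspicious static route."""
    interfaces = parse_interfaces(config)
    findings = []
    for nameif, hop in re.findall(r"^route (\S+) \S+ \S+ (\S+)", config, re.M):
        iface = interfaces.get(nameif)
        if iface is None:
            findings.append((nameif, hop, "route uses an interface with no address"))
            continue
        next_hop = ipaddress.ip_address(hop)
        if next_hop == iface.ip:
            findings.append((nameif, hop, "next hop is the firewall's own address"))
        elif next_hop not in iface.network:
            findings.append((nameif, hop, f"next hop is outside {iface.network}"))
    return findings

if __name__ == "__main__":
    for nameif, hop, problem in check_routes(SAMPLE_CONFIG):
        print(f"route {nameif} via {hop}: {problem}")
```

The check only confirms that a next hop is a plausible neighbour on the outside subnet (196.1.26.32/27 here); the actual gateway address still has to come from the ISP.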