Of course, if you are telnetted or SSHed through the PIX, a 10-minute xlate
timeout will really piss off your users. I think we have ours set to 4
hours.

"Rik Guyler" wrote in message news:[EMAIL PROTECTED]...
> Experience.  Those of us that have worked on the PIX line for a number of
> years think this new-fangled idea of using the outside interface for PAT is
> pretty slick.  We never had that option in the past.
>
> One thing looking at your config:  I don't know how big your company is, but
> I would set the xlate timeout to something a little more reasonable than 24
> hours.  Something like 30 or 60 minutes or even 10 minutes (my choice).
> Keeping all of those translations around just ties up memory.
>
> ---
> Rik Guyler
>
> -----Original Message-----
> From: Pierre-Alex [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 08, 2001 8:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Can't ping outside of PIX [7:15205]---- FIXED [7:15316]
>
>
> I changed the global statement to another IP address and the PC was able to
> ping on the Internet.
>
> I also removed the inside route and the PC was still able to ping ...
>
> I am curious. Where did you find this information? I used:
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v4/pixcfg/pixcncfg.htm
>
> Pierre-Alex
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> cheekin
> Sent: Wednesday, August 08, 2001 8:27 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Can't ping outside of PIX [7:15205]
>
>
> I think you will need to give a different range of IP addresses for the
> global statement.  The global statement and the outside interface are using
> the same IP address.
>
> I also think that the route inside statement is not necessary in this case.
> You can use sh route to display the routing table.
>
> PIX gurus, correct me if I am wrong.
>
>
> cheekin
>
> ----- Original Message -----
> From: "Pierre-Alex"
> To:
> Sent: Wednesday, August 08, 2001 11:34
> Subject: Can't ping outside of PIX [7:15205]
>
>
> > I have spent all day on the problem below and I still can't see what I
> > did wrong.
> >
> > Can you help?
> >
> > The PC can ping the inside ip address of the firewall
> > The Firewall can ping the default-gateway and anything on the Internet
> > But I cannot get the PC to ping the outside IP address of the firewall
> > (208.136.247.214)
> > or anything outside like (206.26.90.8).
> >
> >
> > |PC|(1)----------(2)|PIX|(3)-----------------(4)--DSL MODEM
> >
> > PC (1): ip address 10.1.1.12
> >         subnet mask: 255.255.255.0
> >         default gateway: 10.1.1.10
> >
> > PIX (2): ip address 10.1.1.10
> >         subnet mask: 255.255.255.0
> >
> > PIX (3): ip address 208.136.247.214
> >         subnet mask: 255.255.255.0
> >
> > DSL MODEM (4): ip address 208.136.247.1
> >         subnet mask: 255.255.255.0
> >
> >
> >
> > PIX Version 4.0.7
> > enable password 8Ry2YjIyt7RRXU24 encrypted
> > passwd kIQggKv8.UiICW/r encrypted
> > hostname pixfirewall
> > failover
> > names
> > syslog output 20.3
> > no syslog console
> > interface ethernet outside 10baset
> > interface ethernet inside 10baset
> > ip address inside 10.1.1.10 255.255.255.0
> > ip address outside 208.136.247.214 255.255.255.0
> > arp timeout 14400
> > global 1 208.136.247.214-208.136.247.214
> > nat 1 0.0.0.0 0.0.0.0
> > age 10
> > no rip outside passive
> > no rip outside default
> > no rip inside passive
> > no rip inside default
> > route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
> > route inside  0.0.0.0 0.0.0.0 10.1.1.12
> > timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
> > timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
> > no snmp-server location
> > no snmp-server contact
> > mtu outside 1500
> > mtu inside 1500
> > : end
> > [OK]
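
The three points raised in the replies above (a global pool that includes the outside interface's own address, the default route on the inside interface, and the length of the xlate timeout) can be checked mechanically. The following is an added example, not code from any participant in this thread; the function names and the 4-hour default threshold (taken from the value mentioned in the top reply) are assumptions.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the PIX 4.0.7 config quoted above.
SAMPLE_CONFIG = """\
ip address inside 10.1.1.10 255.255.255.0
ip address outside 208.136.247.214 255.255.255.0
global 1 208.136.247.214-208.136.247.214
nat 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
route inside  0.0.0.0 0.0.0.0 10.1.1.12
timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
"""

def hms_to_seconds(text):
    # PIX timeouts are written h:mm:ss, e.g. 24:00:00
    h, m, s = (int(part) for part in text.split(":"))
    return h * 3600 + m * 60 + s

def lint_pix_config(config, max_xlate_seconds=4 * 3600):
    """Return (check_name, detail) findings. Hypothetical helper, not a Cisco tool."""
    findings = []
    iface_ips = {name: ipaddress.ip_address(ip) for name, ip in
                 re.findall(r"^ip address (\S+) (\S+) \S+", config, re.M)}
    # Check 1: a global pool whose range contains an interface's own address.
    for pool_id, rng in re.findall(r"^global (\d+) (\S+)", config, re.M):
        lo, _, hi = rng.partition("-")
        lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        for name, ip in iface_ips.items():
            if lo_ip <= ip <= hi_ip:
                findings.append(("global-overlaps-interface",
                                 f"global {pool_id} includes {name} address {ip}"))
    # Check 2: a default route pointing back into the inside network.
    for gw in re.findall(r"^route inside\s+0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        findings.append(("inside-default-route", f"default route via {gw} on inside"))
    # Check 3: xlate timeout longer than the chosen threshold.
    m = re.search(r"^timeout xlate (\d+:\d\d:\d\d)", config, re.M)
    if m and hms_to_seconds(m.group(1)) > max_xlate_seconds:
        findings.append(("xlate-timeout-long",
                         f"xlate {m.group(1)} exceeds {max_xlate_seconds}s"))
    return findings

if __name__ == "__main__":
    for name, detail in lint_pix_config(SAMPLE_CONFIG):
        print(f"{name}: {detail}")
```

Pass a smaller `max_xlate_seconds` (for example 600) to apply the stricter timeout suggested in the quoted reply.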




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15457&t=15205