Hi, All the inside addresses are valid internet IP addresses i.e. 216.6.24.189, so i need not do Nating.
Thanxs & Rgds, Avi. ""[EMAIL PROTECTED], Jason Contractor (NSANAP N63)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Avi, > > Your not doing any type of nat translation for the inside network. If you > are not doing any Nat translations then the hosts inside will never be able > to get outside. > > -----Original Message----- > From: Avi [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 02, 2002 9:01 AM > To: [EMAIL PROTECTED] > Subject: Question on PIX [7:40146] > > Hi, > > I am facing a problem on PIX 515 as described below. > Firewall: Cisco PIX 515 > Firewall Software Version: 4.4(7) > > PIX setup: > --------- > > Host: > 216.6.24.189 > > ---------------R-----------------------------------PIX-------------------- -- > -------------R--- > 216.6.24.175 172.16.10.1/30 172.16.10.2/30 192.168.2.6/30 > 192.166.2.5/30 > > > Following is the config: > ---------------------- > PIX Version 4.4(7) > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > hostname nungunungu > fixup protocol ftp 21 > fixup protocol http 80 > fixup protocol h323 1720 > fixup protocol rsh 514 > fixup protocol smtp 25 > fixup protocol sqlnet 1521 > names > pager lines 24 > logging on > no logging timestamp > no logging console > no logging monitor > no logging buffered > no logging trap > logging facility 20 > logging queue 512 > interface ethernet0 100basetx > interface ethernet1 100basetx > mtu outside 1500 > mtu inside 1500 > ip address outside 192.168.2.6 255.255.255.252 > ip address inside 172.16.10.2 255.255.255.252 > no failover > failover timeout 0:00:00 > failover ip address outside 0.0.0.0 > failover ip address inside 0.0.0.0 > arp timeout 14400 > conduit permit tcp host 216.6.24.177 eq smtp any > conduit permit tcp host 216.6.24.186 eq smtp any > conduit permit tcp any host 192.118.52.54 eq www > conduit permit icmp any any > conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp > conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp-data > conduit permit tcp host 216.6.24.185 host 216.6.24.40 eq smtp > conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq smtp > conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq smtp > conduit permit tcp host 216.6.24.185 host 216.6.24.19 eq 5001 > conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq 5001 > conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq 5001 > conduit permit tcp host 216.6.24.184 host 216.6.24.21 eq 3306 > conduit permit tcp host 216.6.24.184 host 216.6.24.28 eq 3306 > conduit permit tcp host 216.6.24.10 eq domain any > conduit permit tcp host 192.118.52.54 eq 8080 any > conduit permit tcp host 192.118.52.54 eq 3180 any > conduit permit tcp host 192.118.52.54 eq www any > no rip outside passive > no rip outside default > rip inside passive > rip inside default > route outside 0.0.0.0 0.0.0.0 192.168.2.5 1 > > > PROBLEM > ------------ > > Host 216.6.24.189 in the inside network can ping the internal interface of > the PIX but can't ping the outside interface of the PIX nor any host in the > outside network. Any host frm outside network can ping outside interface of > the PIX, but can't ping the inside interface of the PIX or any host in the > inside network. Sitting on PIX i am able to ping hosts in the inside as well > as outside networks. Static routes have been defined on both the routers. > > Can someone pls help\guide me in solving this problem. > > Thanxs in advance. > > Rgds, > Avtar. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40159&t=40146 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
