Avi, It doesn't matter that the inside addresses are valid. They still need to be translated outside. You must either enter statics or create an access list specifying that these addresses should not be natted. Also since your inside network is the 172.16.10.x network, and the 216.6.24 network is on another router inside. You need to create default route to the 216.6.24.x network with the ip address of the router that is connected.
Try this on the pix static (inside,outside) 216.6.24.0 216.6.24.0 netmask 255.255.255.0 ip route inside 216.6.24.0 255.255.255.0 172.16.10.1 You will also need to add a route to the 216.6.27.x network pointing to the pix's outside interface on the 192.166.2.5 router. Add this to the outside router Ip route 216.6.24.0 255.255.255.0 192.168.2.6 After that you should be able to ping. Jason -----Original Message----- From: Avi [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 11:06 AM To: [EMAIL PROTECTED] Subject: Re: Question on PIX [7:40146] Hi, All the inside addresses are valid internet IP addresses i.e. 216.6.24.189, so i need not do Nating. Thanxs & Rgds, Avi. ""[EMAIL PROTECTED], Jason Contractor (NSANAP N63)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Avi, > > Your not doing any type of nat translation for the inside network. If you > are not doing any Nat translations then the hosts inside will never be able > to get outside. > > -----Original Message----- > From: Avi [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 02, 2002 9:01 AM > To: [EMAIL PROTECTED] > Subject: Question on PIX [7:40146] > > Hi, > > I am facing a problem on PIX 515 as described below. > Firewall: Cisco PIX 515 > Firewall Software Version: 4.4(7) > > PIX setup: > --------- > > Host: > 216.6.24.189 > > ---------------R-----------------------------------PIX-------------------- -- > -------------R--- > 216.6.24.175 172.16.10.1/30 172.16.10.2/30 192.168.2.6/30 > 192.166.2.5/30 > > > Following is the config: > ---------------------- > PIX Version 4.4(7) > nameif ethernet0 outside security0 > nameif ethernet1 inside security100 > hostname nungunungu > fixup protocol ftp 21 > fixup protocol http 80 > fixup protocol h323 1720 > fixup protocol rsh 514 > fixup protocol smtp 25 > fixup protocol sqlnet 1521 > names > pager lines 24 > logging on > no logging timestamp > no logging console > no logging monitor > no logging buffered > no logging trap > logging facility 20 > logging queue 512 > interface ethernet0 100basetx > interface ethernet1 100basetx > mtu outside 1500 > mtu inside 1500 > ip address outside 192.168.2.6 255.255.255.252 > ip address inside 172.16.10.2 255.255.255.252 > no failover > failover timeout 0:00:00 > failover ip address outside 0.0.0.0 > failover ip address inside 0.0.0.0 > arp timeout 14400 > conduit permit tcp host 216.6.24.177 eq smtp any > conduit permit tcp host 216.6.24.186 eq smtp any > conduit permit tcp any host 192.118.52.54 eq www > conduit permit icmp any any > conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp > conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp-data > conduit permit tcp host 216.6.24.185 host 216.6.24.40 eq smtp > conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq smtp > conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq smtp > conduit permit tcp host 216.6.24.185 host 216.6.24.19 eq 5001 > conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq 5001 > conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq 5001 > conduit permit tcp host 216.6.24.184 host 216.6.24.21 eq 3306 > conduit permit tcp host 216.6.24.184 host 216.6.24.28 eq 3306 > conduit permit tcp host 216.6.24.10 eq domain any > conduit permit tcp host 192.118.52.54 eq 8080 any > conduit permit tcp host 192.118.52.54 eq 3180 any > conduit permit tcp host 192.118.52.54 eq www any > no rip outside passive > no rip outside default > rip inside passive > rip inside default > route outside 0.0.0.0 0.0.0.0 192.168.2.5 1 > > > PROBLEM > ------------ > > Host 216.6.24.189 in the inside network can ping the internal interface of > the PIX but can't ping the outside interface of the PIX nor any host in the > outside network. Any host frm outside network can ping outside interface of > the PIX, but can't ping the inside interface of the PIX or any host in the > inside network. Sitting on PIX i am able to ping hosts in the inside as well > as outside networks. Static routes have been defined on both the routers. > > Can someone pls help\guide me in solving this problem. > > Thanxs in advance. > > Rgds, > Avtar. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40161&t=40146 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
