Avi, You have a few things in your config that look strange:
1) static (inside,outside) 192.168.2.13 216.6.24.129 netmask 255.255.255.255 This creates a static with the outside address of 192.168.2.13, which you indicate is your router's IP address, and an inside address of 216.6.24.129, which you indicate is your inside PIX interface. This makes no sense. A static translation is used to create a new address on the outside that is not currently in use by any device to map to an inside end device, such as a server. I don't understand what you are trying to do with this command and this may be the cause of your problem. 2) route inside 0.0.0.0 0.0.0.0 216.6.24.129 1 You are pointing the PIX's inside default route to its own interface? I don't see what you are trying to accomplish by doing this, if there is no inside router you should just leave of the route inside command. 3) You say outside hosts are able to reach 216.6.24.130, do you mean they are able to ping the host? If the outside hosts can ping the inside host, the inside host should be able to ping the outside hosts since you have a conduit permit icmp any in your config. If the .130 host is a unix box, sometimes they try to resolve names during ping, so it may be that your ping is failing because name lookups are failing. Just a guess. It looks like something is not correct with your static command, so I would fix that first. Also, you are running a very old version of code at 4.4, you are 2 major release behind, so there may also be some weird bug present in this code rev, I would strongly consider upgrading the code to current levels. HTH, Kent -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Avi Sent: Thursday, April 04, 2002 9:01 AM To: [EMAIL PROTECTED] Subject: PIX Question !!! [7:40465] Hi, I am facing a problem on PIX 515 as described below. Firewall: Cisco PIX 515 Firewall Software Version: 4.4(7) PIX setup: --------- H - 216.6.24.130 255.255.255.192 | |------------Public Accessed Servers(216.6.24.0 - Public addresses) | | - 216.6.24.129 255.255.255.192 PIX | - 192.168.2.14 /30 | | | - 192.168.2.13 /30 R | - 192.168.2.6 /30 | | | - 192.168.2.5 /30 R (ISP Router) | | |------------Proxy Server | 192.118.52.54 Following is the config: ---------------------- PIX Version 4.4(7) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd AoM2ZahaIYl9kEoj encrypted hostname nungunungu fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 names pager lines 24 logging on no logging timestamp no logging console no logging monitor no logging buffered no logging trap logging facility 20 logging queue 512 inerface ethernet0 auto interface ethernet1 100basetx mtu outside 1500 mtu inside 1500 ip address outside 192.168.2.14 255.255.255.248 ip address inside 216.6.24.129 255.255.255.192 no failover failover timeout 0:00:00 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 arp timeout 14400 nat (inside) 0 216.6.24.0 255.255.255.0 0 0 static (inside,outside) 192.168.2.13 216.6.24.129 netmask 255.255.255.255 0 0 conduit permit tcp host 216.6.24.177 eq smtp any conduit permit tcp host 216.6.24.186 eq smtp any conduit permit tcp any host 192.118.52.54 eq www conduit permit icmp any any conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp conduit permit tcp host 216.6.24.189 host 216.6.24.5 eq ftp-data conduit permit tcp host 216.6.24.185 host 216.6.24.40 eq smtp conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq smtp conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq smtp conduit permit tcp host 216.6.24.185 host 216.6.24.19 eq 5001 conduit permit tcp host 216.6.24.185 host 216.6.24.10 eq 5001 conduit permit tcp host 216.6.24.185 host 216.6.24.5 eq 5001 conduit permit tcp host 216.6.24.184 host 216.6.24.21 eq 3306 conduit permit tcp host 216.6.24.184 host 216.6.24.28 eq 3306 conduit permit tcp host 216.6.24.10 eq domain any conduit permit tcp host 192.118.52.54 eq 8080 any conduit permit tcp host 192.118.52.54 eq 3180 any conduit permit tcp host 192.118.52.54 eq www any no rip outside passive no rip outside default no rip inside passive no rip inside default route outside 0.0.0.0 0.0.0.0 192.168.2.13 1 route inside 0.0.0.0 0.0.0.0 216.6.24.129 1 timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community mic-test-03 no snmp-server enable traps telnet 216.6.24.16 255.255.255.255 telnet timeout 15 terminal width 80 PROBLEM ======== My problem is frm host 216.6.24.130 I can ping inside interface of PIX, but I can't ping outside interface of PIX nor the internal router. Also i am not able to ping the proxy server. Sitting on the PIXI am able to ping inside as well as outside, even the Proxy server. Also outside hosts are able to reach the host 216.6.24.130. Can someone pls throw some light on this as to where i am going wrong or i am missing on some command. Ur kind help will be appreciated a lot. Thanxs & Rgds, Avi. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40500&t=40465 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
