Kevin, Kim's right... If you've posted your entire config, then you've not opened any ports. By default, the PIX won't allow traffic through. You have to specifically enable what you want. Create an access list and apply it to the inside interface:
access-list acl_inside permit ip any any access-group acl_inside in interface inside Craig At 03:49 PM 7/26/2002 +0000, you wrote: >hi Kim, > >Thanks for your advice, ill try it.. > >-Kevin > > >From: Kim Graham > >To: "Kevin O'Gilvie" , > >Subject: Re: Can get it to work (Pix 515 behind cable modem) [7:49744] > >Date: Fri, 26 Jul 2002 7:34:51 -0400 > > > >I am new to the pix so please verify these entries before you try them > >(older version of pix) you need to add conduit statements. This version of > >PIX (6.2(2)) may be able to use access lists so check on that prior to > >putting in the conduits. Once you have entered the conduit statements > >clear the xlate and then try to initiate a session to the outside world. > >(show conduit, show xlate, clear xlate) > > > >example: > >conduit permit icmp any any > >conduit permit tcp any any eq www > > > >Kim > > > > > > > > From: "Kevin O'Gilvie" > > > Date: 2002/07/26 Fri AM 01:20:23 EDT > > > To: [EMAIL PROTECTED] > > > Subject: Can get it to work (Pix 515 behind cable modem) [7:49744] > > > > > > Dear All, > > > > > > Below is my config. > > > Can someone tell me why ckients on the inside interface cant get to the > > > internet (browwse, ping, nothing) > > > Yet show xlate shows clients Pat(ing) to outside address.. > > > I am so frustrated, dont know whats the issue???!!! > > > > > > PIX Version 6.2(2) > > > nameif ethernet0 outside security0 > > > nameif ethernet1 inside security100 > > > nameif ethernet2 dmz security50 > > > enable password 8Ry2YjIyt7RRXU24 encrypted > > > passwd 2KFQnbNIdI.2KYOU encrypted > > > hostname pixfirewall > > > fixup protocol ftp 21 > > > fixup protocol http 80 > > > fixup protocol h323 h225 1720 > > > fixup protocol h323 ras 1718-1719 > > > fixup protocol ils 389 > > > fixup protocol rsh 514 > > > fixup protocol rtsp 554 > > > fixup protocol sqlnet 1521 > > > fixup protocol sip 5060 > > > fixup protocol skinny 2000 > > > no fixup protocol smtp 25 > > > names > > > pager lines 24 > > > logging on > > > logging trap debugging > > > logging host inside 192.168.0.2 > > > interface ethernet0 100full > > > interface ethernet1 100full > > > interface ethernet2 100full > > > mtu outside 1500 > > > mtu inside 1500 > > > mtu dmz 1500 > > > ip address outside dhcp setroute > > > ip address inside 192.168.0.1 255.255.255.0 > > > ip address dmz 127.0.0.1 255.255.255.255 > > > ip audit info action alarm > > > ip audit attack action alarm > > > pdm history enable > > > arp timeout 14400 > > > global (outside) 1 interface > > > nat (inside) 1 0.0.0.0 0.0.0.0 0 0 > > > timeout xlate 0:30:00 > > > timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 > > > 0:05:00 si > > > p 0:30:00 sip_media 0:02:00 > > > timeout uauth 0:05:00 absolute > > > aaa-server TACACS+ protocol tacacs+ > > > aaa-server RADIUS protocol radius > > > aaa-server LOCAL protocol local > > > no snmp-server location > > > no snmp-server contact > > > snmp-server community public > > > no snmp-server enable traps > > > floodguard enable > > > sysopt connection permit-ipsec > > > sysopt connection permit-pptp > > > no sysopt route dnat > > > telnet 192.168.0.2 255.255.255.255 inside > > > telnet timeout 60 > > > ssh timeout 5 > > > dhcpd auto_config outside > > > terminal width 80 > > > Cryptochecksum:0d7e04757f9b50f2a77acb163265e3ea > > > : end > > > [OK] > > > > > > _________________________________________________________________ > > > Send and receive Hotmail on your mobile device: http://mobile.msn.com >_________________________________________________________________ >Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49784&t=49744 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
