CISCO PIX 515e

[Schoolies]

I'm lucky enough to be able to play with (try to play with) a CISCO PIX 515e Firewall. I've printed out and read a bunch of "how to's" but I can not get anywhere with this thing.

I'm only trying to get it to provide Internet access to the clients that are connected to it. I believe the problem is with my NAT and Static Route configurations.

Here are the settings for the PIX:
#show ip
Inside IP: 192.168.1.1
Mask: 255.255.255.0

Outside IP: 192.168.10.22
Mask: 255.255.255.0

#show route
outside 0.0.0.0 0.0.0.0 192.168.10.22 1 1
inside 192.168.1.0 255.255.255.0 192.168.1.1 1
outside 192.168.10.0 255.255.255.0 192.168.10.22 1

#show nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

#show global
global (outside) 1 192.168.10.23 netmask 255.255.255.0



The router which leads to the Internet is:
Inside IP: 192.168.10.1
Mask: 255.255.255.0

Outside IP: dyanamic

I found and followed the following link but it is still not working (the client computers get an IP address but can not access the Internet):
http://www.cisco.com/univercd/cc/td/doc...bu/pix/pix_v51/config/config.htm#23241

This is a learning experience for me so please go easy on me!

 

[Goosemaster]

you need to create an access list


oine sec

 

[Goosemaster]

access-list 102 permit ip 192.168.10.0 0.0.0.255 any

 

[Goosemaster]

you did set the WANT IP to DHCP right?


ROUTER#(config-int) ip address dhcp
ROUTER#(config-int) no shutdown

 

[Schoolies]

I gave the Outside WAN IP a static 192.168.10.22 address and the Inside 192.168.1.1.

I have it connected as follows:

Laptop -> PIX -> Switch -> SOHO router ->cable modem ....

The SOHO router gives out DHCP. The switch is a cheapo linksys.


When I tried that access list, access-list 102 permit ip 192.168.10.0 0.0.0.255 any, it gave me errors. I tried access-list 102 permit ip 192.168.10.0 255.255.255.0 any but that didn't work either.

Thanks!

 

[Goosemaster]

ohhhhhhhhhhh....I thought it was connected directly to the internet...

 

[Goosemaster]

if you give it a static ip you have to specify gateway, DNS name servers etc.....


router#config t
router(config)# ip name-server x.x.x.x <---your SOHO routers LAN IP

....then you have to define a static route

router(config)# ip route 0.0.0.0 0.0.0.0 x.x.x.x <---the LAN address of your SOHO ROUTER


...dude...just use DHCP + static route....

 

[petey117]

you don't need dns to make it work
you also need an access list for your inside nat
i see that you already have the route in place

why not post a show conf (changing any sensitive data)