PIX 515E
I have configured the PIX in a fairly vanilla manner but I cannot seem to even ping through it. Not even from the inside. I was under the impression that the default implicit outbound rule would allow inside hosts to ping the outside. Even when I add an access-list entry for this it is not working.
I cant even ping a far side interface on the firewall.
This is my first configuration so any help is appreciated
TOPOLOGY:
Network A (Inside)
172.16.0.0/20
Network B (Outside)
222.222.222.0/24
Network C (Dmz)
10.0.0.0/8
PIX FIREWALL CONFIGURATION:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
domain-name api-wi.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
<--- More --->
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 222.222.222.1 255.255.255.0
ip address inside 172.16.0.1 255.255.240.0
ip address dmz 10.0.0.1 255.0.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location 172.16.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 222.222.222.100-222.222.222.149 netmask 255.255.255.0
global (outside) 1 222.222.222.150 netmask 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 222.222.222.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 172.16.0.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
<--- More --->
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:385ddaf348dcd27e60e1d6cb98800cca
I have configured the PIX in a fairly vanilla manner but I cannot seem to even ping through it. Not even from the inside. I was under the impression that the default implicit outbound rule would allow inside hosts to ping the outside. Even when I add an access-list entry for this it is not working.
I cant even ping a far side interface on the firewall.
This is my first configuration so any help is appreciated
TOPOLOGY:
Network A (Inside)
172.16.0.0/20
Network B (Outside)
222.222.222.0/24
Network C (Dmz)
10.0.0.0/8
PIX FIREWALL CONFIGURATION:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
domain-name api-wi.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
<--- More --->
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 222.222.222.1 255.255.255.0
ip address inside 172.16.0.1 255.255.240.0
ip address dmz 10.0.0.1 255.0.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location 172.16.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 222.222.222.100-222.222.222.149 netmask 255.255.255.0
global (outside) 1 222.222.222.150 netmask 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 222.222.222.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 172.16.0.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
<--- More --->
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:385ddaf348dcd27e60e1d6cb98800cca