Stuck in a PIX and can't get out 1

[wholmer]

I am trying to install a PIX 515E running ver 6.3(1) and PDM 3.0(1)
When I plug it into the network no one can get out.

Simple config.
There is a router on the outside that the Outside interface of the PIX plugs into (I can't do anything there it's not mine) call it 199.199.199.1.
The PIX, Outside is 192.168.1.1 and inside is 199.199.199.2.
There is to be NO NAT and every one is on the 199.199.199.any subnet.
To the PIX I added, route outside 0.0.0.0 0.0.0.0 199.199.199.1 255.255.255.0 and for no nat I added, access-list 101 permit ip 199.199.199.0 255.255.255.0 any and
nat inside 0 access-list 101.
When I do a show nat I get, nat (inside) 0 access-list 101. What am I missing to get outside access?

 

[BuckWeet]

well you want something like this

ip address outside 192.168.1.1 (probably /24)
ip address inside 199.199.199.2 (probably /24)

access-list 101 permit ip 199.199.199.0 255.255.255.0 any

nat (inside) 0 access-list 101




no route statements needed in the PIX other than the default route for the outside.

 

[wholmer]

Thats what I have and its not working. You think it could be the, route outside 0.0.0.0 0.0.0.0 198.120.42.1 . Could there a problem having the same subnet address on the outside router? It's like this
Internet - Router - PIX - Inside network
Router interface 199.199.199.1 - {192.168.1.1 PIX 199.199.199.2} 199.199.199.any, with default gatway 199.199.199.2

 

[wholmer]

OPPs Forgot to edit the numbers.

Thats what I have and its not working. You think it could be the, route outside 0.0.0.0 0.0.0.0 199.199.199.1 . Could there a problem having the same subnet address on the outside router? It's like this
Internet - Router - PIX - Inside network
Router interface 199.199.199.1 - {192.168.1.1 PIX 199.199.199.2} 199.199.199.any, with default gatway 199.199.199.2

 

[BuckWeet]

you have your ip's backwards then

you said 199.199.199.2 is your inside address and you said 192.168.1.1 is your outside addres on hte first post..

 

[wholmer]

What I said in first post is correct,sorry for confusion
Internet - Router - PIX - Inside network
Outside Router interface 199.199.199.1 -
{192.168.1.1 Outside PIX Inside 199.199.199.2}
Network 199.199.199.any, with default gatway 199.199.199.2

 

[themut]

Sorry but you have to modify your LAN addresses... the PIX on the outside must be on the same subnet as the outside router (199.199.199.1) and the inside interface should be on a different subnet, this means you need to change the IP address on your LAN and assign a different subnet then configure a static translation for the internal subnet:

ip address outside 199.199.199.2 <mask>
ip address inside 192.168.1.1 255.255.255.0
static (inside, outside) 199.199.199.199.0 192.168.1.0 netmask 255.255.255.0
route outside 0.0.0.0 0.0.0.0 199.199.199.1

gateway for all host should be 192.168.1.1

Hope it helps!