Cisco PIX 515E question

  • Firewalls
  • Networking
March 2, 2009 8:06:25 PM

I'm having some troubles setting up a new firewall. (I'm new to firewalls.) I've got the unit up with configured IP addresses on inside and outside. Downloaded and installed ASDM software. I can't seem to get it to pass traffic.
The unit is being used to secure one network from the rest of our company network.
Inside interface is
The PIX will be the gateway on this network.
Outside interface is
Gateway on the outside network is a Cisco 6500 MSFC which connects to the rest of the company.

Thanks, Dave

I have included a show run:

PIX Version 7.2(2)
hostname pixfirewall
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
name GAC
name Plant
interface Ethernet0
 nameif outside
 security-level 0
 ip address
interface Ethernet1
 nameif inside
 security-level 100
 ip address
interface Ethernet2
 nameif intf2
 security-level 4
 no ip address
passwd 0aywtm/YUv1U3jNB encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list inside_access_in extended permit ip any
access-list inside_access_in extended permit icmp any
access-list outside_access_in extended permit icmp Plant
access-list outside_access_in extended permit icmp GAC
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu intf2 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image flash:/asdm-524.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 1
router rip
 version 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
telnet Plant outside
telnet GAC outside
telnet inside
telnet timeout 5
ssh timeout 5
ssh version 1
console timeout 0
dhcpd dns
dhcpd wins
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd address inside
dhcpd enable inside
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
 message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:D8ad1ad3a52aec150a71ccd959a2681a
: end
asdm image flash:/asdm-524.bin
asdm location GAC inside
asdm history enable


June 12, 2009 8:05:38 PM

There may be more, but your biggest issue is this.

nat (inside) 0

That is telling your firewall to NOT nat any traffic.
Enter this.
no nat (inside) 0
nat (inside) 1

That will let your (inside) traffic connect to anything accessible by the outside interface. With your current config nothing from outside can get inside.
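The reply's point can be checked mechanically: a `nat (inside) 0` line with no access-list is identity NAT for the inside addresses, so the `global (outside) 1 interface` pool in the config is never referenced by any `nat` statement with id 1. The script below is an added example, not code from this thread or from Cisco: it parses the `nat`/`global` statements out of a `show run` text, reports the mismatched pairing, and also flags three management-plane lines that are visible in the posted config (`ssh version 1`, `snmp-server community public`, and `telnet ... outside`). The sample config is a constructed, trimmed copy of the post (the page did not preserve the IP addresses), and the "fixed" variant assumes the `nat (inside) 1 0 0` (any-address) form of the command the reply suggests.

```python
"""Lint a PIX/ASA 7.x-style 'show run' for NAT pairing and management settings.

Added example for this thread; not the poster's or Cisco's code.
"""
import re
from typing import List, Tuple

# Constructed, trimmed sample of the config in the post. Address arguments are
# missing because the page did not preserve them.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
global (outside) 1 interface
nat (inside) 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
telnet Plant outside
telnet GAC outside
telnet inside
ssh version 1
snmp-server community public
"""

# Same sample after the reply's fix ('no nat (inside) 0' then 'nat (inside) 1 ...').
# The '0 0' (any address / any mask) arguments are an assumption for this example.
FIXED_CONFIG = SAMPLE_CONFIG.replace("nat (inside) 0\n", "nat (inside) 1 0 0\n")

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+)\s*(.*)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+)\s*(.*)$")

Entry = Tuple[str, int, str]  # (interface, nat_id, remaining arguments)


def parse_nat(config: str) -> Tuple[List[Entry], List[Entry]]:
    """Extract (nat, global) statements; leading indentation is ignored."""
    nats: List[Entry] = []
    globals_: List[Entry] = []
    for raw in config.splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if m:
            nats.append((m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            globals_.append((m.group(1), int(m.group(2)), m.group(3)))
    return nats, globals_


def nat_findings(config: str) -> List[str]:
    """Report nat/global pairings that cannot translate traffic."""
    nats, globals_ = parse_nat(config)
    nat_ids = {nat_id for _, nat_id, _ in nats}
    global_ids = {nat_id for _, nat_id, _ in globals_}
    findings = []
    for iface, nat_id, rest in nats:
        if nat_id == 0 and "access-list" not in rest:
            # nat 0 without an ACL is identity NAT: no global pool is consulted.
            findings.append(
                f"nat ({iface}) 0 with no access-list: {iface} traffic is never "
                f"translated, so no global pool is used for it")
        elif nat_id != 0 and nat_id not in global_ids:
            findings.append(f"nat ({iface}) {nat_id} has no matching global with id {nat_id}")
    for iface, nat_id, _ in globals_:
        if nat_id not in nat_ids:
            findings.append(
                f"global ({iface}) {nat_id} is unused: no nat statement carries id {nat_id}")
    return findings


def management_findings(config: str) -> List[str]:
    """Flag weak management-plane lines that appear in the posted config."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ssh version 1":
            findings.append("ssh version 1: SSHv1 is obsolete; use 'ssh version 2'")
        elif line.startswith("snmp-server community public"):
            findings.append("snmp-server community public: default SNMP community string in use")
        elif line.startswith("telnet ") and line.endswith(" outside"):
            findings.append(f"{line}: cleartext telnet management allowed on the outside interface")
    return findings


def lint(config: str) -> List[str]:
    return nat_findings(config) + management_findings(config)


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print("-", finding)
    print("after fix, NAT findings:", nat_findings(FIXED_CONFIG))
```

Running it on the sample reproduces the reply's diagnosis (the `nat (inside) 0` line and the orphaned `global (outside) 1`) and shows both NAT findings disappearing once `nat (inside) 1` is paired with the existing `global (outside) 1`; the management findings remain and are worth addressing separately from the connectivity problem.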