
Cisco pix 525 problem

April 29, 2012 1:16:00 AM

Hello Everyone,

I had a Cisco PIX 515 2 weeks ago and for some reason it died. Now I have got a Cisco PIX 525 VPN Firewall and I loaded the same configuration I had on my previous PIX 515. All the links seem up and running, but when I try to access my Barracuda, or connect to my servers remotely from LogMeIn, they don't appear online on my LogMeIn web console and can't even be reached. Even my mail server cannot send emails out or receive them. If anyone is able to help me with this issue I would really appreciate it, because I am new to Cisco PIX firewalls.

Here is the show config below:

-----------------------------------------
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password jqiZ8bp1ti4sUnO4 encrypted
passwd jqiZ8bp1ti4sUnO4 encrypted
hostname MRPIX
domain-name xxxxxxxxx.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
access-list acl_out permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
logging host outside 172.19.0.211
interface ethernet0 100full
interface ethernet1 100full
mtu outside 1500
mtu inside 1500
ip address outside 38.xxx.xxx.210 255.255.255.240
ip address inside 10.49.32.5 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
nat (inside) 1 10.49.32.0 255.255.255.0 0 0
static (inside,outside) 38.xxx.xxx.215 10.49.32.242 netmask 255.255.255.255 0 0
static (inside,outside) 38.xxx.xxx.216 10.49.32.243 netmask 255.255.255.255 0 0
static (inside,outside) 38.xxx.xxx.211 10.49.32.250 netmask 255.255.255.255 0 0
static (inside,outside) 38.xxx.xxx.212 10.49.32.11 netmask 255.255.255.255 0 0
static (inside,outside) 38.xxx.xxx.213 10.49.32.254 netmask 255.255.255.255 0 0
static (inside,outside) 38.xxx.xxx.214 10.49.32.249 netmask 255.255.255.255 0 0
conduit permit tcp host 38.xxx.xxx.212 eq smtp any
conduit permit tcp host 38.xxx.xxx.212 eq 465 any
conduit permit tcp host 38.xxx.xxx.212 eq pop3 any
conduit permit tcp host 38.xxx.xxx.212 eq 995 any
conduit permit tcp host 38.xxx.xxx.212 eq 143 any
conduit permit tcp host 38.xxx.xxx.212 eq 993 any
conduit permit tcp host 38.xxx.xxx.212 eq www any
conduit permit tcp host 38.xxx.xxx.212 eq 443 any
conduit permit tcp host 38.xxx.xxx.212 eq ftp any
conduit permit tcp host 38.xxx.xxx.212 eq ftp-data any
conduit permit tcp host 38.xxx.xxx.209 eq smtp any
conduit permit tcp host 38.xxx.xxx.209 eq 465 any
conduit permit tcp host 38.xxx.xxx.209 eq pop3 any
conduit permit tcp host 38.xxx.xxx.209 eq 995 any
conduit permit tcp host 38.xxx.xxx.209 eq 143 any
conduit permit tcp host 38.xxx.xxx.209 eq 993 any
conduit permit tcp host 38.xxx.xxx.209 eq www any
conduit permit tcp host 38.xxx.xxx.209 eq 443 any
conduit permit tcp host 38.xxx.xxx.209 eq ftp-data any
conduit permit tcp host 38.xxx.xxx.209 eq ftp any
conduit permit tcp host 38.xxx.xxx.209 eq domain any
conduit permit udp host 38.xxx.xxx.209 eq domain any
conduit permit udp host 38.xxx.xxx.209 eq ntp any
conduit permit tcp host 38.xxx.xxx.209 eq 8081 any
conduit permit tcp host 38.xxx.xxx.209 eq 8082 any
conduit permit tcp host 38.xxx.xxx.209 eq 4899 any
conduit permit tcp host 38.xxx.xxx.209 eq 22 any
conduit permit tcp host 38.xxx.xxx.215 eq www any
conduit permit tcp host 38.xxx.xxx.215 eq 443 any
conduit permit tcp host 38.xxx.xxx.215 eq 1494 any
conduit permit udp host 38.xxx.xxx.215 eq 1604 any
conduit permit tcp host 38.xxx.xxx.215 eq 2513 any
conduit permit tcp host 38.xxx.xxx.215 eq 2598 any
conduit permit tcp host 38.xxx.xxx.215 eq 3389 any
conduit permit tcp host 38.xxx.xxx.215 eq 8082 any
conduit permit tcp host 38.xxx.xxx.215 eq 27000 any
conduit permit tcp host 38.xxx.xxx.209 eq 5060 any
conduit permit tcp host 38.xxx.xxx.209 eq 5061 any
conduit permit tcp host 38.xxx.xxx.211 eq smtp any
conduit permit tcp host 38.xxx.xxx.211 eq 465 any
conduit permit tcp host 38.xxx.xxx.211 eq www any
conduit permit tcp host 38.xxx.xxx.211 eq 443 any
conduit permit tcp host 38.xxx.xxx.211 eq pop3 any
conduit permit tcp host 38.xxx.xxx.211 eq 995 any
conduit permit tcp host 38.xxx.xxx.211 eq 143 any
conduit permit tcp host 38.xxx.xxx.211 eq 993 any
conduit permit tcp host 38.xxx.xxx.213 eq ftp-data any
conduit permit tcp host 38.xxx.xxx.213 eq ftp any
conduit permit tcp host 38.xxx.xxx.213 eq www any
conduit permit tcp host 38.xxx.xxx.213 eq 443 any
conduit permit tcp host 38.xxx.xxx.216 eq 3389 any
conduit permit tcp host 38.xxx.xxx.216 eq www any
conduit permit tcp host 38.xxx.xxx.216 eq 443 any
conduit permit tcp host 38.xxx.xxx.216 eq 8080 any
conduit permit tcp host 38.xxx.xxx.211 eq 8081 any
conduit permit tcp host 38.xxx.xxx.216 eq 4343 any
conduit permit tcp host 38.xxx.xxx.214 eq ftp-data any
conduit permit tcp host 38.xxx.xxx.214 eq ftp any
route outside 0.0.0.0 0.0.0.0 38.xxx.xxx.209 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
snmp-server host outside 172.19.0.211
no snmp-server location
no snmp-server contact
snmp-server community InnovativeNet
snmp-server enable traps
floodguard enable
no sysopt route dnat
isakmp identity hostname
telnet 199.xx.xx.226 255.255.255.255 outside
telnet 10.49.32.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
terminal width 80
Cryptochecksum:9553cb531a69f18224cfc4662f57ace4


Thank You Very Much.
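
An added example, not part of the original thread: a small Python audit of PIX 6.x-style configuration text that lists which inside hosts the static/conduit pairs expose and flags structural gaps (a conduit with no matching static, a nat ID with no global, an access-list never bound with access-group). The function name and finding labels are made up for illustration, the sample input is an excerpt of the configuration posted above, and the findings are prompts for review rather than a diagnosis.

```python
from collections import defaultdict

# Excerpt of the configuration posted above, addresses masked as in the thread.
SAMPLE_CONFIG = """\
access-list acl_out permit icmp any any
nat (inside) 1 10.49.32.0 255.255.255.0 0 0
static (inside,outside) 38.xxx.xxx.215 10.49.32.242 netmask 255.255.255.255 0 0
static (inside,outside) 38.xxx.xxx.212 10.49.32.11 netmask 255.255.255.255 0 0
conduit permit tcp host 38.xxx.xxx.212 eq smtp any
conduit permit tcp host 38.xxx.xxx.209 eq 22 any
conduit permit tcp host 38.xxx.xxx.215 eq 3389 any
route outside 0.0.0.0 0.0.0.0 38.xxx.xxx.209 1
"""


def audit_pix_config(text):
    """Hypothetical helper: summarise exposure and structural gaps in PIX 6.x config text."""
    statics = {}                  # mapped (outside) address -> real (inside) address
    conduits = defaultdict(list)  # mapped address -> ["proto/port", ...]
    nat_ids, global_ids = set(), set()
    acls, bound_acls = set(), set()
    default_gw = None

    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        if tok[0] == "static" and len(tok) >= 4:
            statics[tok[2]] = tok[3]
        elif tok[:2] == ["conduit", "permit"] and len(tok) >= 5 and tok[3] == "host":
            port = tok[6] if len(tok) > 6 and tok[5] == "eq" else "any"
            conduits[tok[4]].append(f"{tok[2]}/{port}")
        elif tok[0] == "nat" and len(tok) >= 3:
            nat_ids.add(tok[2])
        elif tok[0] == "global" and len(tok) >= 3:
            global_ids.add(tok[2])
        elif tok[0] == "access-list" and tok[1] != "compiled":
            acls.add(tok[1])
        elif tok[0] == "access-group":
            bound_acls.add(tok[1])
        elif tok[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"] and len(tok) >= 5:
            default_gw = tok[4]

    exposed, findings = {}, []
    for addr in sorted(conduits):
        if addr in statics:
            # The conduit opens these services on the inside host behind the static.
            exposed[statics[addr]] = conduits[addr]
        else:
            findings.append(("conduit-without-static", addr))
            if addr == default_gw:
                findings.append(("conduit-targets-default-gateway", addr))
    # nat 0 is excluded: it does not draw from a global pool.
    for nat_id in sorted(nat_ids - {"0"} - global_ids):
        findings.append(("nat-without-global", nat_id))
    for name in sorted(acls - bound_acls):
        findings.append(("acl-not-bound", name))
    return {"exposed": exposed, "findings": findings}


if __name__ == "__main__":
    report = audit_pix_config(SAMPLE_CONFIG)
    for real, services in report["exposed"].items():
        print(f"{real} reachable from any on {', '.join(services)}")
    for code, subject in report["findings"]:
        print(f"review: {code} ({subject})")
```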


April 29, 2012 2:36:27 AM

Can you user authenticate remotely via SSH or Telnet? Can you ping from the outside to the outside interface of the firewall? Also, what version of PIX/ASA code were you running on the old device, and what version are you running on this one?
April 29, 2012 2:43:36 AM

Hi sk1939,

Just checked and I cannot authenticate via telnet or SSH. The IOS version on my old PIX 515 was 5.2, and the new PIX 525 IOS is 6.3.
April 29, 2012 2:44:50 AM

Hi sk1939,

Just checked and I cannot authenticate via telnet or SSH. The IOS version on my old PIX 515 was 5.2, and the new PIX 525 IOS is 6.3.

April 29, 2012 3:04:27 AM

That may be your issue as not all the commands migrate successfully from 5.2 to 6.3, not to mention the potential differences in licenses. What is the license on the 525?
April 29, 2012 3:10:11 AM

This Cisco PIX 525 has an unrestricted license. See below:

|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
c i s c o S y s t e m s
Private Internet eXchange
-----------------------------------------------------------------------
Cisco PIX Firewall

Cisco PIX Firewall Version 6.3(4)
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 8
Maximum Interfaces: 12
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.
April 29, 2012 6:49:25 AM

Can you ping from the inside to the outside interface?
April 30, 2012 12:24:09 PM

Hi sk1939

Sorry I could not reply to your message earlier because I wasn't home. Anyway, when I ping the outside interface it seems like it's not working because it's giving me the -- 0ms. Please see below:

MRPIX# ping 38.xxx.xxx.210
38.xxx.xxx.210 response received -- 0ms
38.xxx.xxx.210 response received -- 0ms
38.xxx.xxx.210 response received -- 0ms

I also wanted to ping google on its IP address 74.125.137.105, see below:

MRPIX# ping 74.125.137.105
74.125.137.105 response received -- 30ms
74.125.137.105 response received -- 20ms
74.125.137.105 response received -- 20ms


When I run the command show interfaces it shows the following:

MRPIX# sh int
interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0013.6009.4e71
IP address 38.xxx.xxx.210, subnet mask 255.255.255.240
MTU 1500 bytes, BW 100000 Kbit full duplex
4 packets input, 282 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
324 packets output, 29110 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/1)
output queue (curr/max blocks): hardware (0/2) software (0/1)
interface ethernet1 "inside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0013.6009.4e72
IP address 10.49.32.5, subnet mask 255.255.255.0
MTU 1500 bytes, BW 100000 Kbit full duplex
1043 packets input, 92153 bytes, 0 no buffer
Received 487 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
341 packets output, 23668 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/4)
output queue (curr/max blocks): hardware (2/7) software (0/1)
interface gb-ethernet0 "intf2" is administratively down, line protocol is down
Hardware is i82543 rev02 gigabit ethernet, address is 000e.0c6b.96f8
MTU 1500 bytes, BW 1 Gbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
input queue (curr/max blocks): hardware (0/0) software (0/0)
output queue (curr/max blocks): hardware (0/0) software (0/0)



Just wondering if this PIX is OK or I have forgotten to add a command to allow the outside world to see my network servers. I just checked and my mail won't go through or be received, and my servers will not show online when I try to reach them either through LogMeIn or through the web interface, because I have public IP addresses on some of them. Any help would be greatly appreciated.

Thanks Again.
April 30, 2012 4:24:05 PM

Well first off, can you ping from any of the PC's to the outside interface? Looking over your commands it appears that you are missing NAT and configuration. Even with public IP's set to the servers, they still need to pass through the firewall. You can use ASDM to configure this if you are not familiar with the CLI.
April 30, 2012 5:01:49 PM

Yes, I can ping from any of the PCs. Here is the output:

C:\Users\bahmeti.xxxxxxxx>ping 38.xxx.xxx.210

Pinging 38.xxx.xxx.210 with 32 bytes of data:
Reply from 38.xxx.xxx.210: bytes=32 time=3ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=2ms TTL=253

Ping statistics for 38.xxx.xxx.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 1ms

Can you show me what the command should be, or show me how to put in this NAT configuration that I am missing?

Thanks a lot.
April 30, 2012 5:07:03 PM

Hi Sk1939, please disregard the previous message I replied to you with; I tested another PIX firewall with a lower ISO image. I will check and see if I can ping the outside IP address later today. Thanks a lot for your responses and your help.
April 30, 2012 6:21:38 PM

bahmeti1976 said:
Hi Sk1939, please disregard the previous message I replied to you with; I tested another PIX firewall with a lower ISO image. I will check and see if I can ping the outside IP address later today. Thanks a lot for your responses and your help.


Try it and report back. As to how to configure NAT: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/p...
April 30, 2012 7:15:24 PM

I will report back ASAP. Thanks a lot.
May 1, 2012 12:54:34 PM

Hi sk1939,

I just pinged the outside interface from 2 computers in my network and they both returned successfully. Please see below:

C:\Users\Admin>ping 38.xxx.xxx.210

Pinging 38.xxx.xxx.210 with 32 bytes of data:
Reply from 38.xxx.xxx.210: bytes=32 time=19ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253

Ping statistics for 38.xxx.xxx.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 19ms, Average = 5ms

-----------------------------------------------------

C:\Documents and Settings\Admin>ping 38.xxx.xxx.210

Pinging 38.xxx.xxx.210 with 32 bytes of data:

Reply from 38.xxx.xxx.210: bytes=32 time=5ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=2ms TTL=253

Ping statistics for 38.xxx.xxx.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 5ms, Average = 2ms

If I am missing a NAT configuration, can you please help me out with this, because I don't understand NAT very well.

Thanks a lot.
May 1, 2012 4:03:45 PM

bahmeti1976 said:
Hi sk1939,

I just pinged the outside interface from 2 computers in my network and they both returned successfully. Please see below:

C:\Users\Admin>ping 38.xxx.xxx.210

Pinging 38.xxx.xxx.210 with 32 bytes of data:
Reply from 38.xxx.xxx.210: bytes=32 time=19ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253

Ping statistics for 38.xxx.xxx.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 19ms, Average = 5ms

-----------------------------------------------------

C:\Documents and Settings\Admin>ping 38.xxx.xxx.210

Pinging 38.xxx.xxx.210 with 32 bytes of data:

Reply from 38.xxx.xxx.210: bytes=32 time=5ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=1ms TTL=253
Reply from 38.xxx.xxx.210: bytes=32 time=2ms TTL=253

Ping statistics for 38.xxx.xxx.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 5ms, Average = 2ms

If I am missing a NAT configuration, can you please help me out with this, because I don't understand NAT very well.

Thanks a lot.


So you can ping the outside interface, which is good. Try pinging the following: 4.2.2.3 and 74.125.228.40

That link I gave you should explain most everything about NAT on the PIX.
May 1, 2012 4:11:56 PM

Thank you sk1939, I will try this later today, like after work. You mean try pinging from the inside of the PIX firewall, right?

Thanks a lot again.
May 1, 2012 4:28:55 PM

bahmeti1976 said:
Thank you sk1939, I will try this later today, like after work. You mean try pinging from the inside of the PIX firewall, right?

Thanks a lot again.


No no, pinging from the LAN.

No problem.
May 1, 2012 4:52:25 PM

Looking over your commands it appears that you are missing NAT and configuration. Even with public IP's set to the servers, they still need to pass through the firewall.
May 1, 2012 6:22:29 PM

I tried the ping from my computer from my LAN network. See below:

C:\Users\admin>ping 4.2.2.3

Pinging 4.2.2.3 with 32 bytes of data:
Reply from 4.2.2.3: bytes=32 time=18ms TTL=53
Reply from 4.2.2.3: bytes=32 time=9ms TTL=53
Reply from 4.2.2.3: bytes=32 time=10ms TTL=53
Reply from 4.2.2.3: bytes=32 time=2ms TTL=53

Ping statistics for 4.2.2.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 18ms, Average = 9ms

C:\Users\admin>ping 74.125.228.40

Pinging 74.125.228.40 with 32 bytes of data:
Reply from 74.125.228.40: bytes=32 time=37ms TTL=51
Reply from 74.125.228.40: bytes=32 time=21ms TTL=51
Reply from 74.125.228.40: bytes=32 time=34ms TTL=51
Reply from 74.125.228.40: bytes=32 time=28ms TTL=51

Ping statistics for 74.125.228.40:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 37ms, Average = 30ms

C:\Users\admin>
May 1, 2012 10:40:12 PM

bahmeti1976 said:
I tried the ping from my computer from my LAN network. See below:

C:\Users\admin>ping 4.2.2.3

Pinging 4.2.2.3 with 32 bytes of data:
Reply from 4.2.2.3: bytes=32 time=18ms TTL=53
Reply from 4.2.2.3: bytes=32 time=9ms TTL=53
Reply from 4.2.2.3: bytes=32 time=10ms TTL=53
Reply from 4.2.2.3: bytes=32 time=2ms TTL=53

Ping statistics for 4.2.2.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 18ms, Average = 9ms

C:\Users\admin>ping 74.125.228.40

Pinging 74.125.228.40 with 32 bytes of data:
Reply from 74.125.228.40: bytes=32 time=37ms TTL=51
Reply from 74.125.228.40: bytes=32 time=21ms TTL=51
Reply from 74.125.228.40: bytes=32 time=34ms TTL=51
Reply from 74.125.228.40: bytes=32 time=28ms TTL=51

Ping statistics for 74.125.228.40:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 37ms, Average = 30ms

C:\Users\admin>


That's your issue right there. That means that none of the computers that are part of your LAN can reach the internet. Likewise, internet traffic has no path past the firewall. You need a NAT statement for most of the PC's, and for those that are publicly addressable you need firewall statements that allow traffic through, as well as a route statement.
May 2, 2012 3:28:36 AM

The ping worked successfully and all computers have internet connectivity. Maybe you didn't check the last reply that I made very well. It's just that I think that, like you said, I might need to add a NAT statement and a route statement as well.

Thanks sk1939
May 2, 2012 6:19:07 AM

You're right, I didn't look at it closely (tired). NAT for the servers, since it looks like you are missing one, and the route for the static-addressed servers.

No problem.
May 2, 2012 12:36:12 PM

It's OK, I know that you work too, but can you provide some examples of NAT and route statements? I know you sent me the link to the NAT commands but I still don't get it right. I would really appreciate it.

Thanks
May 2, 2012 5:47:54 PM

bahmeti1976 said:
It's OK, I know that you work too, but can you provide some examples of NAT and route statements? I know you sent me the link to the NAT commands but I still don't get it right. I would really appreciate it.

Thanks



The following example configures static NAT for the real host 1.1.1.1 on the inside to 2.2.2.2 on the outside with DNS rewrite enabled.

hostname(config)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static 2.2.2.2 dns



The following example configures static NAT for the real host 1.1.1.1 on the inside to 2.2.2.2 on the outside using a mapped object.

hostname(config)# object network my-mapped-obj
hostname(config-network-object)# host 2.2.2.2
hostname(config-network-object)# object network my-host-obj1
hostname(config-network-object)# host 1.1.1.1
hostname(config-network-object)# nat (inside,outside) static my-mapped-obj


However, you will need to allow them through the firewall, although the rules may have been transferred from the previous box. Who configured the old PIX?
May 2, 2012 10:49:33 PM

The old PIX was there a long time ago, set up by some previous IT guy. I have configured Cisco switches and routers but I have never configured a PIX before.

Thanks a lot.
May 3, 2012 11:08:25 PM

I decided to return this PIX as I think that something is wrong with it. It froze on me a couple of times. Thanks a lot for your help.
May 4, 2012 3:09:14 AM

No problem, be sure to clear the configuration off of it before you return it.