cisco pix 515 config problem (ver 7.3)

Hello Gurus

I am trying to set up a Cisco PIX 515E and I seem to be having some problems. Although I have a statement that allows ping and ssh from outside to inside, I am unable to establish a session. Any ideas?

Here is the config.

asdm image flash:/asdm
asdm history enable
: Saved
:
PIX Version 7.1(2)
!
hostname SDSL-FW
domain-name default.domain.invalid
enable password xxxxxxxxxx encrypted
multicast-routing
names
!
interface Ethernet0
 description Outside (Inernet) Interface
 nameif outside
 security-level 0
 ip address 181.28.29.253 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.214.110.150 255.255.255.0
!
passwd IiW2v7c0878D.R51 encrypted
no ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 domain-name default.domain.invalid
dns server-group prod.green.co.uk
 name-server 10.214.110.11
access-list 100 extended permit tcp any 10.214.110.0 255.255.255.0 eq ssh
access-list 100 extended permit udp host 181.28.29.250 10.214.110.0 255.255.255.0
access-list 100 extended permit tcp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0
access-list 100 extended permit ip 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0
access-list 100 extended permit icmp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0
access-list 100 extended permit icmp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0 echo-reply
access-list 100 extended permit icmp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0 time-exceeded
access-list 100 extended permit icmp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0 unreachable
access-list 100 extended permit udp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0
access-list 100 extended permit icmp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0 traceroute
access-list 100 extended permit icmp 181.28.29.248 255.255.255.248 10.214.110.0 255.255.255.0 echo
access-list inside_access_in extended permit udp 10.214.110.0 255.255.255.0 any
access-list inside_access_in extended permit icmp 10.214.110.0 255.255.255.0 any
access-list inside_access_in extended permit tcp 10.214.110.0 255.255.255.0 any
access-list inside_access_in extended permit ip 10.214.110.0 255.255.255.0 any
access-list inside_access_in extended permit icmp 10.214.110.0 255.255.255.0 any traceroute
access-list inside_access_in extended permit icmp 10.214.110.0 255.255.255.0 any time-exceeded
access-list inside_access_in extended permit icmp 10.214.110.0 255.255.255.0 any unreachable
access-list inside_access_in extended permit icmp 10.214.110.0 255.255.255.0 any echo
pager lines 24
logging enable
logging monitor emergencies
logging asdm debugging
logging ftp-bufferwrap
logging ftp-server 10.214.110.25 /export/home/firewal firewall ****
mtu inside 1500
mtu outside 1500
ip audit name intrusion-detect attack action alarm
ip audit interface outside intrusion-detect
no failover
monitor-interface inside
monitor-interface outside
icmp permit any inside
icmp permit any outside
asdm image flash:/asdm
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 10.214.110.11 255.255.255.255
nat (inside) 1 10.214.110.0 255.255.255.0
static (inside,outside) 181.28.29.251 10.214.110.10 netmask 255.255.255.255
static (inside,outside) 181.28.29.252 10.214.110.11 netmask 255.255.255.255
static (inside,outside) 181.28.29.249 10.214.110.29 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group 100 in interface outside
route inside 10.0.0.0 255.0.0.0 10.214.110.3 1
route outside 0.0.0.0 0.0.0.0 181.28.29.254 1
!
router ospf 1
 network 10.214.0.0 255.255.0.0 area 0
 area 0
 log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:30:00 absolute uauth 0:30:00 inactivity
username xxxxxxyy password xxxxxxxx encrypted
username xxxxxxxx password xxxxxxxx encrypted
username xxxxxxww password xxxxxxxx encrypted
http server enable
http 10.214.110.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
telnet 10.214.110.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd address 10.214.110.151-10.214.110.254 inside
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect http
!
service-policy global_policy global
ntp server 10.214.110.11 source inside prefer
Cryptochecksum:08a8e9caf6199d467078f267fbb20f36
: end

Dean
