1. Home
  2. Cisco Systems
  3. PIX 515E Changing from DSL to Cable ISP

PIX 515E Changing from DSL to Cable ISP

IOS Version 6.2

I cannot access the internet using my new cable modem and the settings below.

I'm not sure the exact amount of static IPs we were allotted by the DSL provider (someone may be able to determine it from the configuration below), but we have 6 with the cable company; 199-204. Aside from the changes in the IPs and how they affect static routes, access-lists, and gateways, there must be a setting I'm missing. One thing I did notice is the the ISPs differ on how they've subnetted the IPs I've been given. DSL gave me my own subnet (255.255.255.248) for my x # of addresses. The cable provider gave me 6 addresses with a

255.255.252.0 mask. Below are the snippets, before and after.

DSL - (Apparently using addresses 11.16.146.89 - 11.16.146.94 w/ .89 being the gateway) nameif ethernet0 outside security0 ip address outside 11.16.146.90 255.255.255.248 global (outside) 1 11.16.146.92-68.16.146.93 netmask 255.255.255.248 global (outside) 1 11.16.146.94 netmask 255.255.255.248 static (inside,outside) tcp 11.16.146.91 ssh 10.6.18.10 ssh netmask

255.255.255.255 0 0 access-list inbound permit tcp any host 11.16.146.91 eq ssh access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0 nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 11.16.146.89 1 route inside 192.168.0.0 255.255.255.0 10.6.18.9 1

CABLE - (static ips 205.213.231.199 - 205.213.231-204, netmask

255.255.252.0, gateway 205.213.228.1) nameif ethernet0 outside security0 ip address outside 205.213.231.199 255.255.252.0 global (outside) 1 205.213.231.200-205.213.231.203 netmask 255.255.252.0 global (outside) 1 205.213.231.204 netmask 255.255.252.0 static (inside,outside) tcp 205.213.231.200 ssh 10.6.18.10 ssh netmask 255.255.255.255 0 0 access-list inbound permit tcp any host 205.213.231.200 eq ssh access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0 nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 205.213.228.1 1 route inside 192.168.0.0 255.255.255.0 10.6.18.9 1

My guess is that there is either a problem with NAT/PAT or the weird subnet mask (supernetted class C) is causing me problems. You'll notice from the last config line that my cable ISP's gateway would be in a different subnet if this were a true class C. Can anyone tell where I went wrong or what I should try? I tried to include all relevant lines, which are all the ones that I've changed.

Thanks, Paul

Reply to
sintral
Loading thread data ...

First thing I would try is plug a PC into your cable modem and just check you can get on the internet.

Reply to
alexd

Right, sure. I can connect fine without the firewall using all of my static IPs from the cable ISP. Does anyone else see a problem in the configuration? Extra or omitted line?

Reply to
sintral

3:59, s>

Is it necessary to run a 'clear xlate' after changing the NAT/PAT settings? I just happened up on that and I can't remember if I did that.

Reply to
sintral

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.