All,
I hate to be the whiner, but I haven't been able to get traffic of any kind to cross between the inside and outside interfaces of my PIX 515. From inside the PIX I can ping out to hosts beyond both interfaces. And from hosts on either side, I can ping the respective interface. But I can't get TCP, or any other traffic, to cross the firewall. I've included the entire configuration, which from what I can tell, is totally vanilla and straight from the Cisco website tutorials. I've been fighting this for two days, so I'm sort of losing my religion on this.
Any suggestions are much appreciated.
--------------------------------------------
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
domain-name xxxxxx.xxx
! the standard fixup protocols
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.50.14 255.255.255.0
ip address inside xxx.xxx.65.193 255.255.255.224 !! a small subnet
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
! not using NAT
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
! I've also attempted a static route here, but to no avail
! default route
route outside 0.0.0.0 0.0.0.0 xxx.xxx.50.4 1
! use the default timeouts
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
1:00:00 !! the newsgroup editor wraps this line
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
! again, the defaults
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
! allow icmp for some short term debugging
access-list ping_ok permit icmp any any
access-group ping_ok in interface inside
! the pdm/web interface
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
------------------------------
Like I said, this seems totally vanilla to me.
Thanks in advance for any help.
B Squared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reserving judgements is a matter of infinite hope.
-- F. Scott Fitzgerald, _The Great Gatsby_