Cannot access more than one pc (internet), PIX 501

Guys,

I can only access the internet (VPN works too) with one pc based on this configuration. Is it with the static statement?

Help me out. Btw, this is pix 501. I am using PAT. I tried to change the static to 192.168.1.0, but no luck.

66.159.2xx.xx = STATIC IP (ASSIGN BY ISP)
192.168.x.x = LOCAL PC

Tony

-----------------------------
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol esp-ike
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list tunnel-101 permit esp any host 66.159.2xx.xx
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 66.159.2xx.xx 255.255.255.0
ip address inside 192.168.x.x 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 105
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 66.159.2xx.xx 192.168.x.x netmask 255.255.255.255 0 0
access-group tunnel-101 in interface outside
route outside 0.0.0.0 0.0.0.0 66.159.2xx.x 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
isakmp nat-traversal 100
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.x.x-192.168.x.xx inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80

------------------------------

Reply to
tractng

If you have only one global IP address and you put on 1-to-1 NAT then that's what will happen. The private IP on the static command line will be the only one with internet access. Remove the static and the rest of the PCs can access internet too.

Reply to
Jyri Korhonen
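
As an added example (not part of the original posts and not Cisco tooling): a small Python check for the conflict described in the answer above, where a one-to-one static uses the same outside address that "global (outside) 1 interface" uses for PAT. The function name, the sample config and the address 203.0.113.10 (standing in for the masked ISP address) are constructed for illustration; skipping tcp/udp port-redirection statics goes beyond the case in the thread.

```python
import re

# Constructed sample modelled on the posted config; 203.0.113.10 stands in
# for the masked ISP-assigned address.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.10 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.0.113.10 192.168.1.2 netmask 255.255.255.255 0 0
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\)\s+(.*)$")


def find_pat_static_conflicts(config: str) -> list[str]:
    """Return findings where a one-to-one static claims the PAT address."""
    iface_ip = {}       # interface name -> configured address
    pat_ifaces = set()  # interfaces whose own address is the PAT address
    statics = []        # (global interface, global address, local address)

    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) >= 4:
            iface_ip[tok[2]] = tok[3]
        elif tok[:1] == ["global"] and tok[-1:] == ["interface"]:
            pat_ifaces.add(tok[1].strip("()"))
        elif (m := STATIC_RE.match(line)):
            args = m.group(3).split()
            # "static (...) tcp|udp ..." is port redirection and maps only
            # one port, so it does not take the whole address.
            if len(args) >= 2 and args[0] not in ("tcp", "udp"):
                statics.append((m.group(2), args[0], args[1]))

    findings = []
    for gif, gaddr, laddr in statics:
        if gif in pat_ifaces and gaddr in ("interface", iface_ip.get(gif)):
            findings.append(
                f"static maps {gaddr} one-to-one to {laddr}, but {gaddr} is "
                f"also the PAT address on '{gif}'"
            )
    return findings


if __name__ == "__main__":
    for finding in find_pat_static_conflicts(SAMPLE_CONFIG):
        print(finding)
```
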

Jyri,

I did remove it and still cannot access internet with another pc.

Any idea?

Tony

Reply to
tractng

Guys,

I think I solved it (most part). Now I am able to get internet connection for more than one pc.

The only thing is that my VPN (initiation) only works from my 192.168.1.2 machine, which is my Windows 2000 server. I have DNS running on that machine.

So I am guessing it's something with DNS in my pix?? Is there any limitation on PAT that I have to specify where my VPN (initiation) is coming from?

Below is my config. Thanks for looking.

----------------------------------------------------------------------
PIX Version 6.3(1)
hardware = PIX501
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol esp-ike
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list tunnel-101 permit esp any host 66.159.2BB.BB
pager lines 24
logging on
mtu outside 1500
mtu inside 1500
ip address outside 66.159.2BB.BB 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 101
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group tunnel-101 in interface outside
route outside 0.0.0.0 0.0.0.0 66.159.2BB.A 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
isakmp nat-traversal 100
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.6-192.168.1.33 inside
dhcpd dns 192.168.1.2
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80

--------------------------------------------------------

Tony

Reply to
tractng
