Please, refer to the configuration below. This is the pix default configuration. Pix is connecting on the outside interface successfully with dhcp. However, I am not able to even resolve external site names from internal network. Would anyone be able to tell me what else I need to do here?
Thanks in advance
CISCO SYSTEMS PIX-501 Embedded BIOS Version 4.3.200 07/31/01 15:58:22.08 Compiled by morlee
16 MB RAMPCI Device Table. Bus Dev Func VendID DevID Class Irq 00 00 00 1022 3000 Host Bridge 00 11 00 8086 1209 Ethernet 9 00 12 00 8086 1209 Ethernet 10
Cisco Secure PIX Firewall BIOS (4.2) #6: Mon Aug 27 15:09:54 PDT 2001 Platform PIX-501 Flash=E28F640J3 @ 0x3000000
Use BREAK or ESC to interrupt flash boot. Use SPACE to begin flash boot immediately. Reading 1974784 bytes of image from flash. ################################################################################ #################################
16MB RAM mcwa i82559 Ethernet at irq 9 MAC: 000d.65c0.c245 mcwa i82559 Ethernet at irq 10 MAC: 000d.65c0.c246 Flash=E28F640J3 @ 0x3000000 BIOS Flash=E28F640J3 @ 0xD8000----------------------------------------------------------------------- || || || || |||| |||| ..:||||||:..:||||||:.. c i s c o S y s t e m s Private Internet eXchange ----------------------------------------------------------------------- Cisco PIX Firewall
Cisco PIX Firewall Version 6.3(5) Licensed Features: Failover: Disabled VPN-DES: Enabled VPN-3DES-AES: Enabled Maximum Physical Interfaces: 2 Maximum Interfaces: 2 Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Inside Hosts: 50 Throughput: Unlimited IKE peers: 10
This PIX has a Restricted (R) license.
****************************** Warning ******************************* Compliance with U.S. Export Laws and Regulations - Encryption.This product performs encryption and is regulated for export by the U.S. Government.
This product is not authorized for use by persons located outside the United States and Canada that do not have prior approval from Cisco Systems, Inc. or the U.S. Government.
This product may not be exported outside the U.S. and Canada either by physical or electronic means without PRIOR approval of Cisco Systems, Inc. or the U.S. Government.
Persons outside the U.S. and Canada may not re-export, resell or transfer this product by either physical or electronic means without prior approval of Cisco Systems, Inc. or the U.S. Government. ******************************* Warning *******************************
Copyright (c) 1996-2005 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706
outside interface address added to PAT pool
Cryptochecksum(unchanged): 08d5f7f6 ca8cfac2 9ea8f6b4 fbf84b54 Type help or '?' for a list of available commands. pix501>
pixfirewall> conf term Type help or '?' for a list of available commands. pixfirewall> enable Password: pixfirewall# conf term pixfirewall(config)# write term Building configuration... : Saved : PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall domain-name ciscopix.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list inside_access_in permit tcp any any access-list inside_access_in permit udp any any access-list inside_access_in permit icmp any any access-list inside_access_in permit ip any any pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside dhcp setroute ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group inside_access_in in interface inside timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.1.2-192.168.1.129 inside dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside terminal width 80 Cryptochecksum:139096f0d176c715a5fa614ddaa32d0a : end [OK] pixfirewall(config)#