Pix - "No route to host"

Hi,

I have just upgraded the software on my Pix 525 from version 6 to 7.

After a reboot I attempt to set an interface IP address for the next stage of the upgrade:

For some reason the interface does not work! I get "No route to host"

Any suggestions would be great:

pixfirewall(config)# int e0
pixfirewall(config-if)# ip address 192.168.1.1 255.0.0.0
pixfirewall(config-if)# no shut

pixfirewall# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
No route to host 192.168.1.1

Success rate is 0 percent (0/1)
pixfirewall#

Many thanks,

Paul

Reply to
thefunnel

You need to connect the interface to a working physical counterpart. Unless the interface is not "up/up", IP transport involving this interface will not happen.

Reply to
Lutz Donnerhacke

The firewall is connected to a live switch port:

The show int e0 command outputs:

Interface Ethernet0 "", is up, line protocol is up

But I still get "No route to host" even if I try to ping the address from the firewall itself.

In fact - even a ping to 127.0.0.1 fails!

pixfirewall# ping 127.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 127.0.0.1, timeout is 2 seconds:
No route to host 127.0.0.1

Very strange!

Reply to
thefunnel

Hi,

The interface is up/up:

Interface Ethernet0 "", is up, line protocol is up

But I can't even ping 127.0.0.1 from the firewall?

pixfirewall# ping 127.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 127.0.0.1, timeout is 2 seconds:
No route to host 127.0.0.1

Reply to
thefunnel

Fine.

Turn on logging.

Of course. The PIX does not know about 127.0.0.1.

Reply to
Lutz Donnerhacke

By default, Eth1 is set to 192.168.1.1/24 and named "inside". Maybe there is a conflict between Eth0 and Eth1?

Regards

fw

Reply to
Frank Winkler

You cannot generally ping from the PIX to one of its own interfaces. You'd be better off pinging to a device on the other side of the interface. For that to work, ensure that you have configured the "icmp" command (or whatever its 7.x equivalent is) to permit echo replies.

Also, you appear to have used the wrong netmask for the interface. There are legitimate network addresses in 192.x.x.x; it is only 192.168.x.x that is reserved.

Reply to
Walter Roberson

Try with:

pixfirewall(config)#interface e0
pixfirewall(config-if)# ip address 192.168.1.1 255.255.255.0
pixfirewall(config-if)# nameif outside
pixfirewall(config-if)# no shut

If it's like the ASA, you need to specifically name the interface to get it to work.

So the nameif outside should bring it up

Reply to
mcaissie

That's sorted it. Many thanks. All it needed was "nameif inside"

Cheers,

Reply to
thefunnel
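
The two configuration problems raised in the thread (an interface with an IP address but no nameif, and a 255.0.0.0 mask on a 192.168.x.x address) can be checked offline against a saved configuration. The following is an added example, not code from any poster in this thread; the sample configuration is constructed, and the helper name and finding strings are assumptions.

```python
import ipaddress
import re

RFC1918_192 = ipaddress.ip_network("192.168.0.0/16")
# Constructed, trimmed 7.x-style config; audit_interfaces is a hypothetical helper.
SAMPLE_CONFIG = """\
interface Ethernet0
 no nameif
 ip address 192.168.1.1 255.0.0.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no ip address
"""

def audit_interfaces(config_text):
    blocks, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    findings = {}
    for name, lines in blocks.items():
        hits = (re.match(r"ip address (\d\S*) (\d\S*)", l) for l in lines)
        addr = next((h.groups() for h in hits if h), None)
        if addr is None:
            continue  # no static address (none set, or DHCP): nothing to check
        issues = []
        if not any(l.startswith("nameif ") for l in lines):
            issues.append("no nameif configured")
        if "shutdown" in lines:
            issues.append("administratively shut down")
        net = ipaddress.ip_network(f"{addr[0]}/{addr[1]}", strict=False)
        if net.overlaps(RFC1918_192) and not net.subnet_of(RFC1918_192):
            issues.append(f"mask {addr[1]} reaches outside 192.168.0.0/16")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_interfaces(SAMPLE_CONFIG))
```
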
