1. Home
  2. Cisco Systems
  3. pix problem

pix problem

i have a pix at the colo and a router at office and i cant get it to work. from the router at the office, 192.168.100.1, i can ping the pix and the nat ip of the pix but nothing outside the pix.

the traceroute stops at the 209.14.111.2 ip.

any suggestions are greatly appreciated. the conf of the pix is below

memory

-size iomem 15 clock timezone CST -6 clock summer-time CST recurring ip subnet-zero no ip source-route ! ! ! interface Loopback0 description Loopback to Layer1 Colo 2611 ip address 192.168.1.2 255.255.255.255 ! interface Ethernet0/0 description Layer 1 Internet Feed ip address 209.41.111.1 255.255.255.224 ip access-group 101 in ip nat inside full-duplex no cdp enable ! interface Serial0/0 ip address 192.168.100.2 255.255.255.252 ip nat outside no ip route-cache no ip mroute-cache no cdp enable ! interface Ethernet0/1 no ip address shutdown half-duplex no cdp enable ! router ospf 100 log-adjacency-changes passive-interface Ethernet0/0 network 192.168.0.0 0.0.255.255 area 0 ! ip nat translation timeout 3600 ip nat pool out-to-the-net 209.14.111.2 209.14.111.2 netmask

255.255.255.224 ip nat inside source list 10 pool out-to-the-net overload ip nat inside source static udp 192.168.30.175 5068 209.41.111.2 5068 extendable ip nat inside source static udp 192.168.30.175 5011 209.41.111.2 5011 extendable ip nat inside source static tcp 192.168.30.169 5067 209.41.111.2 5067 extendable ip nat inside source static udp 192.168.30.169 5067 209.41.111.2 5067 extendable ip nat inside source static udp 192.168.30.169 5010 209.41.111.2 5010 extendable ip nat inside source static tcp 192.168.30.65 5066 209.41.111.2 5066 extendable ip nat inside source static udp 192.168.30.65 5066 209.41.111.2 5066 extendable ip nat inside source static udp 192.168.30.65 5009 209.41.111.2 5009 extendable ip nat inside source static tcp 192.168.30.170 5065 209.41.111.2 5065 extendable ip nat inside source static udp 192.168.30.170 5065 209.41.111.2 5065 extendable ip nat inside source static udp 192.168.30.170 5008 209.41.111.2 5008 extendable ip nat inside source static tcp 192.168.30.66 5064 209.41.111.2 5064 extendable ip nat inside source static udp 192.168.30.66 5064 209.41.111.2 5064 extendable ip nat inside source static udp 192.168.30.66 5007 209.41.111.2 5007 extendable ip nat inside source static tcp 192.168.30.115 5063 209.41.111.2 5063 extendable ip nat inside source static udp 192.168.30.115 5063 209.41.111.2 5063 extendable ip nat inside source static udp 192.168.30.115 5006 209.41.111.2 5006 extendable ip nat inside source static udp 192.168.30.62 5005 209.41.111.2 5005 extendable ip nat inside source static udp 192.168.30.62 5062 209.41.111.2 5062 extendable ip nat inside source static tcp 192.168.30.62 5062 209.41.111.2 5062 extendable ip nat inside source static tcp 192.168.30.30 8080 209.41.111.2 8080 extendable ip nat inside source static tcp 192.168.30.20 617 209.41.111.2 617 extendable ip nat inside source static tcp 192.168.30.175 5068 209.41.111.2 5068 extendable no ip classless ip route 0.0.0.0 0.0.0.0 209.41.111.9 ip http server ! access-list 10 permit 192.168.0.0 0.0.255.255 access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 remark Block loopback address used as source access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 0.0.0.0 any access-list 101 deny ip 224.0.0.0 31.255.255.255 any access-list 101 deny udp any any eq netbios-ns access-list 101 deny tcp any any eq 139 access-list 101 deny icmp any any redirect access-list 101 permit ip any any access-list 101 permit ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip any any no cdp run snmp-server community touchstonemrtg RO snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps isdn chan-not-avail snmp-server enable traps hsrp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps envmon snmp-server enable traps bgp snmp-server enable traps ipmulticast snmp-server enable traps msdp snmp-server enable traps rsvp snmp-server enable traps frame-relay snmp-server enable traps rtr snmp-server enable traps syslog
Reply to
shirazk
Loading thread data ...

try this on Cisco site if it is pix 7.0

formatting link

Reply to
Drx

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.