working fine but I inherited this firewall when I inherited the network....
I see the outside IPs and our subnet assigned by the ISP but there are some inbound rules here that I just don't get... ICMP is allowed from the outside on the primary external interface but not the address that all of our traffic actually goes through...
My internal network also cannot ping out... for me ICMP echo should be allowed inbound at least... and time out if necessary...
Please be gentle, I haven't worked with a Cisco in several years so my CLI is very weak! This unit doesn't have VPN enabled, which I would like though; is it possible still? I also would like to set up a DMZ. With only an internal and external interface is this possible with a VLAN? Also, using a VLAN I imagine I would have to have a core switch that would support putting some ports on the DMZ VLAN as well, right? (Currently I don't have that switch.)
Let's see... anything else left or just the configuration... let's run with that... let me know...
PIX Version 5.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx encrypted
passwd xxx encrypted
hostname McIntosh&Assoc
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_outside permit tcp any host 192.168.0.147 eq 3603
access-list acl_outside permit tcp any host 192.168.0.147 eq h323
access-list acl_outside permit tcp any host 192.168.0.147 eq 1503
access-list acl_outside permit tcp any host 192.168.0.147 range 3230 3235
access-list acl_outside permit udp any host 192.168.0.147 eq 3603
access-list acl_outside permit udp any host 192.168.0.147 eq 1720
access-list acl_outside permit udp any host 192.168.0.147 eq 1503
access-list acl_outside permit udp any host 192.168.0.147 range 3230 3235
access-list acl_outside permit tcp any host 63.199.70.2xx eq 3603
access-list acl_outside permit udp any host 63.199.70.2xx eq 1720
access-list acl_outside permit udp any host 63.199.70.2xx eq 1503
access-list acl_outside permit udp any host 63.199.70.2xx range 3230 3235
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1500
mtu inside 1500
ip address outside 63.199.70.2xx 255.255.255.248
ip address inside 192.168.0.2 255.255.255.0
arp timeout 14400
global (outside) 1 63.199.70.2xx
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 63.199.70.2xx 192.168.0.147 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
rip inside passive version 1
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 63.199.70.2xx 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
terminal width 80
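An added example, not from the original post or from Cisco: a small Python evaluator for the posted acl_outside entries. It shows that the ACL only matches the listed TCP/UDP ports and has no ICMP entry at all, so the echo replies to internal pings hit the implicit deny at the end of the list. PIX releases before 7.0 do not track ICMP statefully, so the return traffic needs an explicit entry; the echo-reply line below is a constructed illustration of what such an entry looks like, with the masked 63.199.70.2xx address kept exactly as the post shows it.

```python
import re

# ACL lines copied from the posted config (addresses masked as in the post).
POSTED_ACL = """
access-list acl_outside permit tcp any host 192.168.0.147 eq 3603
access-list acl_outside permit tcp any host 192.168.0.147 eq h323
access-list acl_outside permit udp any host 192.168.0.147 range 3230 3235
access-list acl_outside permit udp any host 63.199.70.2xx eq 1720
"""
# Constructed line: the explicit return-traffic entry this PIX release lacks.
ECHO_REPLY_LINE = "access-list acl_outside permit icmp any host 63.199.70.2xx echo-reply"

PORT_NAMES = {"h323": 1720}  # named port used in the posted ACL
ACE_RE = re.compile(
    r"access-list (?P<acl>\S+) permit (?P<proto>tcp|udp|icmp|ip) "
    r"(?P<src>any|host \S+) (?P<dst>any|host \S+)"
    r"(?: eq (?P<eq>\S+)| range (?P<lo>\d+) (?P<hi>\d+)| (?P<itype>[a-z-]+))?$"
)

def parse_acl(text):
    """Return a list of ACE dicts in list order; malformed lines are skipped."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        if d["eq"]:                       # single port, numeric or named
            d["lo"] = d["hi"] = int(PORT_NAMES.get(d["eq"], d["eq"]))
        elif d["lo"]:                     # port range
            d["lo"], d["hi"] = int(d["lo"]), int(d["hi"])
        aces.append(d)
    return aces

def _host_match(spec, addr):
    return spec == "any" or spec == f"host {addr}"

def permitted(aces, proto, dst, port=None, icmp_type=None):
    """First-match evaluation; a PIX ACL ends in an implicit deny."""
    for a in aces:
        if a["proto"] not in ("ip", proto) or not _host_match(a["dst"], dst):
            continue
        if proto in ("tcp", "udp") and a["lo"] is not None:
            if not a["lo"] <= port <= a["hi"]:
                continue
        if proto == "icmp" and a["itype"] and a["itype"] != icmp_type:
            continue
        return True
    return False
```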