PIX PROBLEM

From: marish shah (contactmarish@gmail.com)
Date: Tue Mar 17 2009 - 07:37:31 ART


Hi guys,
   I have a PIX 515, inside to DMZ and DMZ to outside, but it's not working
because I can't ping my DMZ. Please check my configuration; is it OK or not?

pix515e(config)# sh run
: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
enable password uz71UN9FHpuvfuPq encrypted
passwd uz71UN9FHpuvfuPq encrypted
hostname pix515e
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
access-list acl_inside permit ip any any
access-list acl_inside permit tcp any host 192.168.4.40 eq 34336
access-list acl_inside permit tcp any host 192.168.4.40 eq 34334
access-list acl_inside permit tcp any host 192.168.4.40 eq 7777
access-list acl_inside permit tcp any host 192.168.4.40 eq 34335
access-list acl_inside permit tcp any any
access-list acl_inside permit ip any host 192.168.129.183
access-list acl_inside permit ip any host 192.168.130.176
access-list acl_outside permit icmp any any
access-list acl_outside permit tcp any host 192.168.129.183 eq 7777
access-list acl_outside permit tcp any host 192.168.129.183 eq 34335
access-list acl_outside permit tcp any host 192.168.130.176 eq 7777
access-list acl_outside permit tcp any host 192.168.130.176 eq 34335
access-list acl_outside permit tcp any host 192.168.129.183 eq 34336
access-list acl_outside permit tcp any host 192.168.130.176 eq 34334
access-list acl_outside permit tcp any any
access-list acl_outside permit ip any any
access-list acl_outside permit ip any host 192.168.130.176
access-list acl_DMZ permit icmp any any
access-list acl_DMZ permit tcp any any
access-list acl_DMZ permit ip any any
access-list acl_DMZ permit ip 192.168.130.0 255.255.255.0 any
access-list acl_DMZ permit tcp 192.168.130.0 255.255.255.0 any
access-list acl_DMZ permit ip any 192.168.130.0 255.255.255.0
access-list acl_DMZ permit tcp any 192.168.130.0 255.255.255.0
pager lines 24
logging host inside 192.168.4.155
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside 192.168.129.197 255.255.255.0
ip address inside 192.168.6.239 255.255.255.0
ip address DMZ 192.168.130.197 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ) 1 0.0.0.0 0.0.0.0 0 0
static (DMZ,inside) tcp 192.168.4.40 34335 192.168.130.176 34335 netmask 255.255.255.255 0 0
static (inside,DMZ) tcp 192.168.130.176 34335 192.168.4.40 34335 netmask 255.255.255.255 0 0
static (inside,DMZ) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
static (DMZ,inside) 192.168.130.0 192.168.130.0 netmask 255.255.255.0 0 0
static (DMZ,outside) 192.168.130.0 192.168.130.0 netmask 255.255.255.0 0 0
static (outside,DMZ) 192.168.129.0 192.168.129.0 netmask 255.255.255.0 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside
access-group acl_DMZ in interface DMZ
route outside 0.0.0.0 0.0.0.0 192.168.129.253 1
route inside 192.168.4.0 255.255.255.0 192.168.6.239 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 inside
http 192.168.6.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 192.168.4.0 255.255.255.0 inside
telnet 192.168.1.1 255.255.255.255 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet 192.168.6.0 255.255.255.0 inside
telnet 192.168.1.1 255.255.255.255 DMZ
telnet timeout 5
ssh timeout 5
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:b97566d452e537c6a39fea284501b373
: end
pix515e(config)#




This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART