From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Wed Mar 18 2009 - 09:25:48 ART
You cannot ping the DMZ from which zone? The DMZ itself?
Pls. clarify
----- Original Message -----
From: "marish shah" <contactmarish@gmail.com>
To: "groupstudy" <ccielab@groupstudy.com>
Sent: Tuesday, March 17, 2009 5:37 AM
Subject: PIX PROBLEM
> Hi guys,
> I have a PIX 515, inside to DMZ and DMZ to outside, but it's not working
> because I can't ping my DMZ. Please check whether my configuration is OK or not.
>
> pix515e(config)# sh run
> : Saved
> :
> PIX Version 6.2(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 DMZ security10
> enable password uz71UN9FHpuvfuPq encrypted
> passwd uz71UN9FHpuvfuPq encrypted
> hostname pix515e
> domain-name ciscopix.com
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol ils 389
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> no fixup protocol smtp 25
> names
> access-list acl_inside permit ip any any
> access-list acl_inside permit tcp any host 192.168.4.40 eq 34336
> access-list acl_inside permit tcp any host 192.168.4.40 eq 34334
> access-list acl_inside permit tcp any host 192.168.4.40 eq 7777
> access-list acl_inside permit tcp any host 192.168.4.40 eq 34335
> access-list acl_inside permit tcp any any
> access-list acl_inside permit ip any host 192.168.129.183
> access-list acl_inside permit ip any host 192.168.130.176
> access-list acl_outside permit icmp any any
> access-list acl_outside permit tcp any host 192.168.129.183 eq 7777
> access-list acl_outside permit tcp any host 192.168.129.183 eq 34335
> access-list acl_outside permit tcp any host 192.168.130.176 eq 7777
> access-list acl_outside permit tcp any host 192.168.130.176 eq 34335
> access-list acl_outside permit tcp any host 192.168.129.183 eq 34336
> access-list acl_outside permit tcp any host 192.168.130.176 eq 34334
> access-list acl_outside permit tcp any any
> access-list acl_outside permit ip any any
> access-list acl_outside permit ip any host 192.168.130.176
> access-list acl_DMZ permit icmp any any
> access-list acl_DMZ permit tcp any any
> access-list acl_DMZ permit ip any any
> access-list acl_DMZ permit ip 192.168.130.0 255.255.255.0 any
> access-list acl_DMZ permit tcp 192.168.130.0 255.255.255.0 any
> access-list acl_DMZ permit ip any 192.168.130.0 255.255.255.0
> access-list acl_DMZ permit tcp any 192.168.130.0 255.255.255.0
> pager lines 24
> logging host inside 192.168.4.155
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto
> mtu outside 1500
> mtu inside 1500
> mtu DMZ 1500
> ip address outside 192.168.129.197 255.255.255.0
> ip address inside 192.168.6.239 255.255.255.0
> ip address DMZ 192.168.130.197 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> nat (DMZ) 1 0.0.0.0 0.0.0.0 0 0
> static (DMZ,inside) tcp 192.168.4.40 34335 192.168.130.176 34335 netmask 255.255.255.255 0 0
> static (inside,DMZ) tcp 192.168.130.176 34335 192.168.4.40 34335 netmask 255.255.255.255 0 0
> static (inside,DMZ) 192.168.4.0 192.168.4.0 netmask 255.255.255.0 0 0
> static (DMZ,inside) 192.168.130.0 192.168.130.0 netmask 255.255.255.0 0 0
> static (DMZ,outside) 192.168.130.0 192.168.130.0 netmask 255.255.255.0 0 0
> static (outside,DMZ) 192.168.129.0 192.168.129.0 netmask 255.255.255.0 0 0
> access-group acl_outside in interface outside
> access-group acl_inside in interface inside
> access-group acl_DMZ in interface DMZ
> route outside 0.0.0.0 0.0.0.0 192.168.129.253 1
> route inside 192.168.4.0 255.255.255.0 192.168.6.239 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> aaa-server LOCAL protocol local
> http server enable
> http 192.168.1.0 255.255.255.0 inside
> http 192.168.4.0 255.255.255.0 inside
> http 192.168.6.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> no sysopt route dnat
> telnet 192.168.4.0 255.255.255.0 inside
> telnet 192.168.1.1 255.255.255.255 inside
> telnet 192.168.3.0 255.255.255.0 inside
> telnet 192.168.6.0 255.255.255.0 inside
> telnet 192.168.1.1 255.255.255.255 DMZ
> telnet timeout 5
> ssh timeout 5
> dhcpd lease 3600
> dhcpd ping_timeout 750
> dhcpd auto_config outside
> terminal width 80
> Cryptochecksum:b97566d452e537c6a39fea284501b373
> : end
> pix515e(config)#
>
>
> Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART
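
Added example, not part of the original thread or written by either poster: PIX access lists are evaluated first-match, so this sketch reports entries in the posted configuration that can never be hit because an earlier entry in the same list already matches everything they match. The parser handles only the `any`, `host A`, `A mask` and `eq port` forms that appear in that configuration; the function names are this example's own.

```python
import ipaddress
import re

# ACL lines copied from the configuration posted above (a subset of acl_inside and acl_DMZ).
ACL_LINES = """\
access-list acl_inside permit ip any any
access-list acl_inside permit tcp any host 192.168.4.40 eq 7777
access-list acl_DMZ permit icmp any any
access-list acl_DMZ permit tcp any any
access-list acl_DMZ permit ip any any
access-list acl_DMZ permit ip 192.168.130.0 255.255.255.0 any
access-list acl_DMZ permit tcp any 192.168.130.0 255.255.255.0
""".splitlines()

def take_addr(tok):
    """Consume one address spec from the token list and return it as an ip_network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")  # address followed by netmask

def parse(line):
    """Split one access-list line into ACL name, action, protocol, networks and port."""
    name, action, proto, rest = re.match(r"access-list (\S+) (permit|deny) (\S+) (.*)", line).groups()
    tok = rest.split()
    src, dst = take_addr(tok), take_addr(tok)
    port = tok[1] if tok[:1] == ["eq"] else None
    return {"acl": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port, "line": line}

def covers(a, b):
    """True if entry a matches every packet that entry b matches."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def shadowed(lines):
    """Return (later_line, earlier_line) pairs where the later entry is never reached."""
    entries = [parse(l) for l in lines if l.startswith("access-list")]
    out = []
    for i, later in enumerate(entries):
        for earlier in entries[:i]:
            if earlier["acl"] == later["acl"] and covers(earlier, later):
                out.append((later["line"], earlier["line"]))
                break
    return out
```

On these lines the host-specific `acl_inside` entry is shadowed by the leading `permit ip any any`, and both subnet-specific `acl_DMZ` entries are shadowed by the broader entries above them.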