Ok.. I admit it. I am probably missing something simple. A little help?
I have an older PIX 515e that I am trying to get running. The outside interface is connected to a cable modem and configured for DHCP. This interface gets assigned an IP from the ISP so this part seems to be working. My understanding is that using the command should automatically set the static route for the ISP gateway. If I this seems to be the case. From the console, I can also ping the ISP gateway and any other site (yahoo.com) that I try.
The inside interface is setup with a static address of 10.0.1.10 and this returns a ping from the inside clients. DHCP on the internal network is handled by a 2012R2 machine and this service as well as DNS is also working (except for DNS forwarding while the PIX is being tested)
However, clients cannot access the internet. No ping replies, etc. I believe this is either a routing issue or a NAT/PAT issue. I am behind the 8-ball on this area of Cisco configuration and could use some help. Posted below is my current running config. I have tried a few of the config guides found on the net, but nothing seems to be working. Can anyone give me a hand with this?
Thanks! Michael
: Saved
:
PIX Version 8.0(4)28
!
hostname GripPix
domain-name Grip.com
enable password ... encrypted
passwd ... encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.0.1.10 255.255.0.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
domain-name Grip.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 10.0.0.0 netmask 255.255.0.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 10.0.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection-default
match default-inspection-traffic
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect http
inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:9cceeff3166fd745e3569853ea5c178c
: end
asdm image flash:/asdm-613.bin
no asdm history enable
