Question about Cisco PIX 515E Firewall

1 Answer

Pix 515E inside to outside translation problem

Dear Sir,

We need your assistance to resolve our problem. The attached file is the running configuration for your reference. This is regarding the PIX 515E firewall.
The problem is as follows:
The scenario is: we have two different ISPs, and both links work fine if we terminate them on a Cisco 2800 router. When I terminated the ISP 1 link on the PIX firewall, there was no issue for almost ten days, and the Internet worked fine in the inside network. But for the last two days I have been facing a problem: I can access web sites from the firewall, but not from the inside network. If I change the ISP 1 link to the ISP 2 link, it works fine and I can access the Internet from inside. I had changed nothing, only the connectivity and the IP address. But we need to run the ISP 1 link on the firewall. Please suggest the necessary changes so that the link also works from inside.

ISP 1 Link address Details :

ip address outside 203.193.129.132 255.255.255.240
global (outside) 1 203.193.129.133
route outside 0.0.0.0 0.0.0.0 203.193.129.129 1

ISP 2 Link address Details :

ip address outside 121.246.145.170 255.0.0.0
global (outside) 1 121.246.145.173
route outside 0.0.0.0 0.0.0.0 121.246.145.1 1

Awaiting your quick response.

Regards,

D.Kiran Kumar
STPI-Warangal


Dear Kiran,

What is the name assigned for ISP 1 as well as ISP 2?

For your reference, kindly find the sample configuration:
ISP 1:
interface ethernet0 100full
nameif ethernet0 outside security0
ip address outside 203.193.129.132 255.255.255.240
nat (inside) 1 (local network)
global (outside) 1 203.193.129.133
route outside 0 0 203.193.129.129 1

regards,
mani.S

Posted on Mar 13, 2009
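
The sample configuration in the answer above only passes inside traffic when the nat id matches a global pool id, the global address sits inside the outside subnet, and the default gateway is a usable host in that subnet. The following Python check of those relationships is an added example, not part of the original question or answer; the function name `check_outbound_nat`, the `nat (inside) 1 0.0.0.0 0.0.0.0` line and the sample text are assumptions.

```python
import ipaddress
import re

# Constructed sample: the ISP 1 lines from the question, plus an assumed
# "nat (inside) 1 0.0.0.0 0.0.0.0" line that the question does not show.
SAMPLE_ISP1 = """\
ip address outside 203.193.129.132 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 203.193.129.133
route outside 0.0.0.0 0.0.0.0 203.193.129.129 1
"""

def _ip(text):
    """Parse an IPv4 address, returning None for malformed input."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_outbound_nat(config, outside="outside"):
    """Return findings for PIX 6.x style ip address/nat/global/route lines."""
    m = re.search(rf"^ip address {outside} (\S+) (\S+)", config, re.M)
    if not m:
        return [f"no 'ip address {outside}' line"]
    iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    net = iface.network
    unusable = {net.network_address, net.broadcast_address}
    findings = []

    # nat id 0 is NAT exemption and needs no global pool.
    nat_ids = set(re.findall(r"^nat \(\w+\) (\d+) ", config, re.M)) - {"0"}
    pools = re.findall(rf"^global \({outside}\) (\d+) (\S+)", config, re.M)
    pool_ids = {pid for pid, _ in pools}
    for nid in sorted(nat_ids - pool_ids):
        findings.append(f"nat id {nid} has no global ({outside}) {nid}")
    for pid in sorted(pool_ids - nat_ids):
        findings.append(f"global id {pid} has no matching nat statement")
    for _, addr in pools:
        ip = _ip(addr.split("-")[0])  # first address of a range
        if addr != "interface" and (ip is None or ip not in net or ip in unusable):
            findings.append(f"global {addr} is not a usable host in {net}")

    routes = re.findall(rf"^route {outside} (\S+) (\S+) (\S+)", config, re.M)
    gateways = [gw for dst, mask, gw in routes
                if dst in ("0", "0.0.0.0") and mask in ("0", "0.0.0.0")]
    if not gateways:
        findings.append(f"no default route via {outside}")
    for gw in gateways:
        ip = _ip(gw)
        if ip is None or ip not in net or ip in unusable or ip == iface.ip:
            findings.append(f"default gateway {gw} is not a usable next hop in {net}")
    return findings
```

An empty list means the four lines are mutually consistent; it says nothing about access lists or the upstream ISP side.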


Related Questions:

2 Answers

I have two Cisco routers one is a 501Pix(located at branch Office), the other is a 515E Pix (located at main office). I've configured a vpn tunnel to the router at the main office. The router at the branch...


Hi,
  1. Please check whether the tunnel Phase 1 and Phase 2 are up. If not, proceed to the next point; if yes, proceed to point 4.
  2. Please check that the peer IP is reachable.
  3. Please check the configuration and the encapsulation method used.
  4. Check whether the IP has been allowed in the match address. If yes, proceed to the next point.
  5. The branch PIX will be on the outside interface of the main PIX; the security level will be enabled, so do NAT. If yes, proceed to the next point.
  6. If unable to ping, enable Inspect ICMP in the global policy to enable ping. If yes
  7. If all the above are done, please check the routes between the two remote computers.
Please check all the above points; surely your problems will be solved.

Feb 26, 2011 | Cisco PIX 501 Firewall

2 Answers

Replacing a PIX 515E with an ASA 5510


Best way to migrate is to take the configuration of the old PIX and TFTP it to a PC or other server for safe keeping.

Then boot up the ASA in a lab environment and TFTP the configuration to the new unit and reboot. There will be some commands that don't translate correctly, but you can compare the configurations to each other to make sure all the access lists and NAT statements get transferred across.

Keep in mind that the PIX and the ASA name their interfaces differently, so there may be errors when you transfer the configuration. You can edit the configuration offline with something like Notepad and change the names of the interfaces to have it work.

Good luck!

Jan 29, 2010 | Cisco ASA 5510 Firewall

1 Answer

How to configure MAC access list at PIX 515


The PIX is a layer 3 device; I can't say that I have ever tried to filter a MAC address. I'm pretty sure you can't.

Jan 02, 2010 | Cisco PIX 515E Firewall

1 Answer

I want to block an outside IP-address and some sites on PIX 515E


Assuming you are running the latest version.
Short answer:
# access-list acl-outside line 1 deny ip IPYOUWANTTOBLOCK 255.255.255.255 any
# write memory
The link below contains a longer helpful explanation: http://www.velocityreviews.com/forums/t35733-how-to-block-external-ip-address-on-pix-515e.html
I hope this helps.

Nov 09, 2009 | Cisco PIX 515E Firewall

1 Answer

Cisco PIX 515: workstations can't get outside, PIX can


You have to create a route statement to allow workstations to get online.

Below is the command:
route interface_name ip_address netmask gateway_ip

Example:
route outside 0.0.0.0 0.0.0.0 200.200.200.1
or
route outside 0 0 200.200.200.1

When there is already a route statement but still cannot get online, check the DNS settings.

Oct 08, 2009 | Cisco PIX 515E Firewall

1 Answer

How to block Orkut in Cisco firewall PIX 515E


You can only block Orkut sites that you know by IP, but the PIX alone cannot do it since it requires an application like Websense to do URL filtering. If you have the IPs and need help creating the ACLs, feel free to let me know.

Apr 11, 2009 | Cisco PIX 515E Firewall

1 Answer

User cannot log on to a web site from our network


Please check after disabling JavaScript/ActiveX filtering on your firewall for this site only.
If you could post me the configuration then it would be really good.

Apr 06, 2009 | Cisco PIX 515E Firewall

1 Answer

How to connect to my PIX 501 and use Windows Remote Desktop?


Here's a real simple problem to your remote access problems.
Go to: http://www.logmein.com
Sign up for a free acct, download/install their free software on your Server.
Now go over to your laptop, login to your new logmein acct.
In the next page, you'll see your Server listed. Click on it - follow instructions to connect.
This will tunnel through whatever stuff you have on your network!
Trust me - esp. in your scenario, this is *by far* the *simplest* remote connect you'll ever perform! And it just .... works! Every time.

gurutim

Mar 16, 2009 | Cisco PIX 501 Firewall

1 Answer

Problems with dmz-outside (webpage). pix


Remove this line:

static (DMZ,INSIDE) 10.10.0.0 10.10.0.0 netmask 255.255.255.0

You don't need a translation going from a lower security level to a higher one. You will also need a nat line for the dmz so that pc's on the dmz will be translated outbound. The only connection that will work on the dmz is the webserver when he's sending traffic outbound with a source port of 80. Something like:

nat (DMZ) 101 10.10.0.0 255.255.255.0

Other than that, it looks like it should be working. You've got permission, a route, and a translation. Maybe "clear local-host 10.10.0.2" to get rid of any bad xlates and try again. Check debug level syslogs, run packet captures, "clear asp drop" then "show asp drop" after an attempt?

Feb 28, 2009 | Cisco PIX Firewall 506
