Question about Cisco PIX 515E Firewall

1 Answer

Pix 515E inside to outside translation problem

Dear Sir,

We need your assistance to resolve our problem. The attached file is the running configuration for your reference. This is regarding the PIX 515E firewall.
The problem is as follows:
The scenario is: we have two different ISPs, and both links work fine if we terminate them on a Cisco 2800 router. When I terminated the ISP 1 link on the PIX firewall, there was no issue for almost the last ten days; the Internet was working fine on the inside network. But for the last two days I have been facing a problem: I can access web sites from the firewall, but not from the inside network. If I change the ISP 1 link to the ISP 2 link, it works fine and I can access the Internet from inside. I had changed nothing, only the connectivity and the IP address. But we need to run the ISP 1 link on the firewall. Please suggest the necessary changes for successful running of the link from inside also.

ISP 1 Link address Details :

ip address outside 203.193.129.132 255.255.255.240
global (outside) 1 203.193.129.133
route outside 0.0.0.0 0.0.0.0 203.193.129.129 1

ISP 2 Link address Details :

ip address outside 121.246.145.170 255.0.0.0
global (outside) 1 121.246.145.173
route outside 0.0.0.0 0.0.0.0 121.246.145.1 1

Awaiting your quick response.

Regards,

D.Kiran Kumar
STPI-Warangal

1 Answer

Dear Kiran,

What is the name assigned for ISP 1 as well as ISP 2?

For your reference, kindly find the sample configuration:
ISP 1:
interface ethernet0 100full
nameif ethernet0 outside security0
ip address outside 203.193.129.132 255.255.255.240
nat (inside) 1 (local network)
global (outside) 1 203.193.129.133
route outside 0 0 203.193.129.129 1

regards,
mani.S

Posted on Mar 13, 2009
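
An added example, not part of the original posts: a Python consistency check over the PIX 6.x-style lines quoted in the question, confirming that the global address and default gateway sit inside the outside subnet and that every nat id has a matching global. The function name, the /16 width threshold and the single-address `global` form are assumptions of this sketch; `BROKEN` is a constructed sample.

```python
import ipaddress

# Outside-interface lines exactly as quoted in the question above.
ISP1 = """ip address outside 203.193.129.132 255.255.255.240
global (outside) 1 203.193.129.133
route outside 0.0.0.0 0.0.0.0 203.193.129.129 1"""
ISP2 = """ip address outside 121.246.145.170 255.0.0.0
global (outside) 1 121.246.145.173
route outside 0.0.0.0 0.0.0.0 121.246.145.1 1"""
# Constructed sample (documentation addresses) with three deliberate mistakes.
BROKEN = """ip address outside 192.0.2.2 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0
nat (DMZ) 101 10.10.0.0 255.255.255.0
global (outside) 1 192.0.2.2
route outside 0.0.0.0 0.0.0.0 192.0.2.9 1"""

def check_pix_outside(config, min_prefix=16):
    """Return findings for the outside-interface lines of a PIX 6.x style config."""
    findings, iface, gateway = [], None, None
    nat_ids, globals_ = set(), {}
    for raw in config.splitlines():
        tok = raw.split()
        try:
            if tok[:3] == ["ip", "address", "outside"]:
                iface = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
            elif tok[:1] == ["nat"] and tok[2] != "0":  # id 0 is NAT exemption
                nat_ids.add(tok[2])
            elif tok[:2] == ["global", "(outside)"]:
                globals_[tok[2]] = ipaddress.ip_address(tok[3])
            elif tok[:2] == ["route", "outside"]:
                gateway = ipaddress.ip_address(tok[4])
        except (ValueError, IndexError):
            findings.append(f"unparseable: {raw.strip()}")
    if iface is None:
        return findings + ["no 'ip address outside' line"]
    net = iface.network
    if net.prefixlen < min_prefix:  # assumed threshold for "suspiciously wide"
        findings.append(f"outside mask /{net.prefixlen} treats all of {net} as on-link")
    if gateway is not None and gateway not in net:
        findings.append(f"gateway {gateway} is not in {net}")
    for gid, addr in globals_.items():
        if addr not in net:
            findings.append(f"global {gid} address {addr} is not in {net}")
        elif addr in (iface.ip, net.network_address, net.broadcast_address):
            findings.append(f"global {gid} address {addr} is not a usable pool address")
    for nid in sorted(nat_ids - set(globals_)):
        findings.append(f"nat id {nid} has no global (outside) {nid}")
    return findings
```

The ISP 1 lines pass every check, so the addressing itself is consistent; the ISP 2 lines are flagged only for the 255.0.0.0 mask.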

Related Questions:

2 Answers

I have two Cisco routers one is a 501Pix(located at branch Office), the other is a 515E Pix (located at main office). I've configured a vpn tunnel to the router at the main office. The router at the branch...


Hi,
  1. Please check whether tunnel Phase 1 and Phase 2 are up. If not, proceed to the next point; if yes, proceed to point 4.
  2. Please check that the peer IP is reachable.
  3. Please check the configuration and the encapsulation method used.
  4. Check whether the IP has been allowed in the match address. If yes, proceed to the next point.
  5. The branch PIX will be on the outside interface of the main PIX; the security level will be enabled, so do NAT. If yes, proceed to the next point.
  6. If unable to ping, enable inspect ICMP in the global policy to enable ping. If yes
  7. If all the above are done, please check the routes between the 2 remote computers.
Please check all the above points; surely your problems will be solved.

Feb 26, 2011 | Cisco PIX 501 Firewall

2 Answers

Replacing a PIX 515E with an ASA 5510


Best way to migrate is to take the configuration of the old PIX and TFTP it to a PC or other server for safe keeping.

Then boot up the ASA in a lab environment and TFTP the configuration to the new unit and reboot. There will be some commands that don't translate correctly, but you can compare the configurations to each other to make sure all the access lists and NAT statements get transferred across.

Keep in mind that the PIX and the ASA name their interfaces differently, so there may be errors when you transfer the configuration. You can edit the configuration offline with something like Notepad and change the names of the interfaces to have it work.

Good luck!

Jan 29, 2010 | Cisco ASA 5510 Firewall

1 Answer

How to configure MAC access list at PIX 515


The PIX is a layer 3 device; I can't say that I have ever tried to filter a MAC address. I'm pretty sure you can't.

Jan 02, 2010 | Cisco PIX 515E Firewall

1 Answer

I want to block an outside IP-address and some sites on PIX 515E


Assuming you are running the latest version.
Short answer:
# access-list acl-outside line 1 deny ip IPYOUWANTTOBLOCK 255.255.255.255 any
# write memory
The link below contains a longer helpful explanation: http://www.velocityreviews.com/forums/t35733-how-to-block-external-ip-address-on-pix-515e.html
I hope this helps.

Nov 09, 2009 | Cisco PIX 515E Firewall

1 Answer

Cisco PIX 515 workstations can't get outside, PIX can


You have to create a route statement to allow workstations to get online.

Below is the command:
route interface_name ip_address netmask gateway_ip

Example:
route outside 0.0.0.0 0.0.0.0 200.200.200.1
or
route outside 0 0 200.200.200.1

When there is already a route statement but still cannot get online, check the DNS settings.

Oct 08, 2009 | Cisco PIX 515E Firewall

1 Answer

How to block Orkut in Cisco firewall PIX 515E


You can only block Orkut sites that you know by IP, but the PIX alone cannot do it since it requires an application like Websense to do URL filtering. If you have the IPs and need help creating the ACLs, feel free to let me know.

Apr 11, 2009 | Cisco PIX 515E Firewall

1 Answer

User cannot log on to a web site from our network


Please check after disabling JavaScript/ActiveX filtering on your firewall only for this site.
If you could post the configuration, that would be really good.

Apr 06, 2009 | Cisco PIX 515E Firewall

1 Answer

Problems with DMZ-outside (webpage), PIX


Remove this line:

static (DMZ,INSIDE) 10.10.0.0 10.10.0.0 netmask 255.255.255.0

You don't need a translation going from a lower security level to a higher one. You will also need a nat line for the dmz so that pc's on the dmz will be translated outbound. The only connection that will work on the dmz is the webserver when he's sending traffic outbound with a source port of 80. Something like:

nat (DMZ) 101 10.10.0.0 255.255.255.0

Other than that, it looks like it should be working. You've got permission, a route, and a translation. Maybe "clear local-host 10.10.0.2" to get rid of any bad xlates and try again. Check debug-level syslogs, run packet captures, "clear asp drop" then "show asp drop" after an attempt?

Feb 28, 2009 | Cisco PIX Firewall 506

1 Answer

Changing the NAT type from "moderate" to "open"


Follow these steps to use this solution:
  1. Use the no ip nat {inside | outside} command to disable future translations from taking place.
  2. Use the clear ip nat translation command to clear IP NAT translations.
  3. Change the NAT configuration.
  4. Restore the NAT {inside | outside} arguments with the ip nat {inside | outside} configuration command.

RICHARDM69

Dec 15, 2008 | Linksys Wireless-G WRT54GS Router...
