PIX 506e
19 years 1 month ago #10492
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: PIX 506e
Tried it. Didn't seem to work.
WARNING: Binding inside nat statement to outermost interface.
WARNING: Keyword "outside" is probably missing.
BPIX(config)#
BPIX(config)#
BPIX# sh run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
mtu inside 1500
pdm history enable
arp timeout 14400
nat (outside) 1 217.16.67.248 255.255.255.255 0 0
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 217.16.67.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:7b6e8f1b6818a616e9b10d6e36f18b24
: end
BPIX#
The 255.255.252.0 is what I get from my ISP when I do DHCP on my NAT interface.
The Bublitz
Systems Admin
Hospice of the Red River Valley
19 years 1 month ago #10548
by TheeGreatCornholio
Replied by TheeGreatCornholio on topic Re: PIX 506e
Bublitz,
Looks like you mistyped one thing... try this:
Remove this:
no nat (outside) 1 217.16.67.248 255.255.255.255 0 0
Add this:
global (outside) 1 interface
For every NAT, you must have a Global - or else it won't do anything.
If your outside interface IP address on the PIX is valid with your ISP, you should be able to do simple web browsing, etc. from the inside of the firewall without any problems.
Let me know how this works...
tGc
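The nat/global pairing rule from the reply above, as an added example that is not part of the original thread: a small Python audit that reads PIX 6.x `nameif`, `nat` and `global` lines and reports a `nat` bound to the lowest-security interface or a `nat` ID with no matching `global`. The function name `audit_nat` and the sample text (cut down from the config posted earlier) are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the PIX 6.3 config posted above.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nat (outside) 1 217.16.67.248 255.255.255.255 0 0
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 217.16.67.1 1
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)\s*$")
XLATE = re.compile(r"^(nat|global)\s+\((\w+)\)\s+(\d+)\s+(.*)$")


def audit_nat(config):
    """Return findings about nat/global pairing in a PIX 6.x config (hypothetical helper)."""
    levels, nats, global_ids = {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        m = NAMEIF.match(line)
        if m:
            levels[m.group(1)] = int(m.group(2))
            continue
        m = XLATE.match(line)  # "no nat ..." commands do not match on purpose
        if not m:
            continue
        kind, iface, nat_id = m.group(1), m.group(2), int(m.group(3))
        if kind == "nat":
            nats.append((iface, nat_id))
        else:
            global_ids.add(nat_id)

    lowest = min(levels, key=levels.get) if levels else None
    findings = []
    for iface, nat_id in nats:
        if nat_id == 0:
            continue  # nat 0 exempts traffic from translation and needs no global
        if iface == lowest:
            findings.append(f"nat ({iface}) {nat_id}: bound to lowest-security interface")
        elif nat_id not in global_ids:
            findings.append(f"nat ({iface}) {nat_id}: no global with id {nat_id}")
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_CONFIG):
        print(finding)
```

Run against the config as posted it reports both problems; with the `nat (outside)` line replaced by `global (outside) 1 interface` it reports none.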
19 years 4 weeks ago #10935
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: PIX 506e
I'll give this a try.
The Bublitz
Systems Admin
Hospice of the Red River Valley
19 years 3 weeks ago #11044
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: PIX 506e
It's working!
Yeah, I've been messing around with these for a little bit. So I know how to do outside and inside access-lists now.
That's so simple it's insane. Thanks for your help. I was using documentation from the Cisco site and that just wasn't working.
global (outside) 5 209.165.202.140-209.165.202.141 netmask 255.255.255.224
nat (inside) 5 10.100.1.0 255.255.255.0 0 0
And a bunch of other ways. I think it's because I only have 1 IP and that was already specified on my outside interface. So when I tried to do that it was overlapping, causing problems.
Yeah, you're right. Prairie Wave is my provider; they use that HUGE block of addresses, 255.255.252.0. That is the address you get when you DHCP your outside address.
I'm working on getting SSH to work on these PIX. Then I need to try a site-to-site VPN. Once I get that going I'll keep all my documentation on file and I'll be able to do work on these no problem.
Like always, I'll try it myself, use Cisco and a config I have. If I have any problems I'll post it. Thanks for the HELP! (=
The Bublitz
Systems Admin
Hospice of the Red River Valley
19 years 3 weeks ago #11045
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: PIX 506e
Oops, almost forgot: I'm going to try and use QoS outgoing; I need that also. Not sure if the PIX can do incoming QoS too. I use DiffServ on routers; can the PIX do DiffServ for QoS, or just do QoS for certain VPN tunnels?
The Bublitz
Systems Admin
Hospice of the Red River Valley