Network Security Firewalls

PIX 525 No NAT configuration

Subject: PIX 525 No NAT configuration
Date: Mon, 17 Oct 2005 18:49:51 -0400
Hi,
I have a 525 PIX firewall running IOS 7.0. I cannot ping through the
firewall. Inside interface is connected to a PC, I can ping it from
firewall. Outside interface is connected to a Cisco 3845 router, and I can
ping it from firewall. But for some reason I cannot ping Cisco 3845 from
PC. And I am not trying to do a NAT configuration. What am I missing here?
Here is my config, any help appreciated very much. Thanks



PIX Version 7.0(1)
names
!
interface Ethernet0
 duplex full
 nameif OUTSIDE
 security-level 0
 ip address 10.168.253.253 255.255.255.252
!
interface GigabitEthernet0
 nameif INSIDE
 security-level 100
 ip address 10.168.2.2 255.255.255.0
!
enable password
passwd
hostname pixfirewall
domain-name default.domain.invalid
ftp mode passive
access-list INSIDE_IN extended permit ip any any
access-list INSIDE_IN extended permit tcp any any
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended permit tcp any any
pager lines 24
logging enable
logging buffered informational
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
monitor-interface OUTSIDE
monitor-interface INSIDE
asdm image flash:/asdm-501.bin
no asdm history enable
arp timeout 14400
nat (INSIDE) 0 10.168.2.0 255.255.255.0
access-group OUTSIDE_IN in interface OUTSIDE
access-group INSIDE_IN in interface INSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 10.168.253.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.168.2.0 255.255.255.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet 10.168.2.0 255.255.255.0 INSIDE
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
: end

Here is the log info:
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
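
Added example, not part of the original post: a Python parser for the 302020/302021 messages quoted above. It pairs Built and Teardown events per flow and checks whether gaddr (the global address) equals laddr (the local address), which is what a no-NAT setup should log. The sample is the post's log cycle with the archive's link debris removed; all function names are this example's own.

```python
import re
from collections import Counter

# One cycle of the log from the post (link debris removed); the post shows it four times.
ONE_CYCLE = """\
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr 10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
"""
SAMPLE_LOG = ONE_CYCLE * 4

# faddr = foreign host, gaddr = global (post-NAT) address, laddr = local (real) address.
# The number after each slash is kept exactly as logged.
ICMP_RE = re.compile(
    r"%PIX-6-(?P<msgid>302020|302021): (?P<event>Built|Teardown) ICMP connection for "
    r"faddr (?P<faddr>\S+?)/(?P<fnum>\d+) "
    r"gaddr (?P<gaddr>\S+?)/(?P<gnum>\d+) "
    r"laddr (?P<laddr>\S+?)/(?P<lnum>\d+)"
)

def parse_icmp_events(text):
    """Return one dict per 302020/302021 message; other message IDs are skipped."""
    events = []
    for line in text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["translated"] = ev["gaddr"] != ev["laddr"]  # True if NAT changed the address
            events.append(ev)
    return events

def summarize(events):
    """Per (laddr, faddr) flow: count Built/Teardown events and translated entries."""
    flows = {}
    for ev in events:
        counts = flows.setdefault((ev["laddr"], ev["faddr"]), Counter())
        counts[ev["event"]] += 1
        counts["translated"] += ev["translated"]
    return flows

if __name__ == "__main__":
    for (laddr, faddr), c in summarize(parse_icmp_events(SAMPLE_LOG)).items():
        nat = "translated" if c["translated"] else "no translation (gaddr == laddr)"
        print(f"{laddr} -> {faddr}: built={c['Built']} teardown={c['Teardown']}, {nat}")
```
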