Thread: RE: cisco 2811 to 506e NOT WORKING




RE: cisco 2811 to 506e NOT WORKING
user name
2007-01-17 19:37:12


Are you sure the route outside is pointing to the right IP address?

>From: sandy herbs <sandyhrbsyahoo.com>
>Reply-To: PIX_Firewall@yahoogroups.com
>To: PIX_Firewall@yahoogroups.com
>Subject: RE: [PIX_Firewall] cisco 2811 to 506e NOT WORKING
>Date: Wed, 17 Jan 2007 10:01:02 -0800 (PST)
>
>do I need the NAT statement on the inside interface?
>
>thank you,
>sandy
>
>"Andrew Isdale (ZA)" <Andrew.Isdaleza.didata.com> wrote:
>   Sounds to me like it could be a duplex mismatch.
>
>   Try “interface ethernet0 100full” on the PIX
>
>   Safe.
>
>
>
>---------------------------------
>
>  From: PIX_Firewall@yahoogroups.com [mailto:PIX_Firewall@yahoogroups.com] On Behalf Of sandyhrbs
>  Sent: Friday, January 12, 2007 11:47 PM
>  To: PIX_Firewall@yahoogroups.com
>  Subject: [PIX_Firewall] cisco 2811 to 506e NOT WORKING
>
>
>  I am upgrading an IVAD (data & phone) connection to a pure T-1
>  connection introducing a Cisco 2811 Router. I am reusing my 506e
>  Cisco firewall. When turning up the circuit, my router worked fine
>  and my ISP could see the serial interface, but could not see my pix
>  "line protocol down". If I plugged my laptop directly to the router
>  bypassing the pix...there was no probs. I did not make any changes on
>  my pix. Is the 506e compatible w/a 2811 router? Do I need to make a
>  change on my pix config? What else could be the problem? I have
>  included a copy of my config on the pix below. THANKS!!!
>
>  PIX Version 6.3(3)
>  interface ethernet0 auto
>  interface ethernet1 100full
>  nameif ethernet0 outside security0
>  nameif ethernet1 inside security100
>  enable password JAogGoP.yZT107Kz encrypted
>  passwd kQ89ZvMlcgQ.0l/4 encrypted
>  hostname pixfirewall
>  domain-name m3-group.com
>  fixup protocol dns maximum-length 512
>  fixup protocol ftp 21
>  fixup protocol h323 h225 1720
>  fixup protocol h323 ras 1718-1719
>  fixup protocol http 80
>  fixup protocol rsh 514
>  fixup protocol rtsp 554
>  fixup protocol sip 5060
>  fixup protocol sip udp 5060
>  fixup protocol skinny 2000
>  no fixup protocol smtp 25
>  fixup protocol sqlnet 1521
>  fixup protocol tftp 69
>  names
>  name 192.168.100.50 kitchen
>  access-list inside_outbound_nat0_acl permit ip 10.0.0.0 255.0.0.0 192.168.100.0 255.255.255.224
>  access-list outside_cryptomap_dyn_20 permit ip 10.0.0.0 255.0.0.0 192.168.100.0 255.255.255.224
>  access-list inbound permit tcp any host 10.0.0.1 eq ssh
>  access-list acl_inside permit tcp any any
>  access-list acl_inside permit udp any any
>  access-list acl_inside permit icmp any any
>  access-list 101 permit tcp any host 66.243.86.214 eq smtp
>  access-list 101 permit tcp any host 66.243.86.215 eq www
>  access-list 101 permit tcp any host 66.243.86.214 eq www
>  access-list 101 permit tcp any host 66.243.86.215 eq ftp
>  access-list 101 permit tcp any host 66.243.86.210 eq www
>  access-list 101 permit tcp any host 66.243.86.216 eq ftp
>  access-list 101 permit tcp any host 66.243.86.212 eq www
>  access-list 101 permit tcp any host 66.243.86.218 eq www
>  access-list 101 permit tcp any host 66.243.86.217 eq www
>  pager lines 24
>  logging console debugging
>  icmp permit 10.0.0.0 255.0.0.0 echo-reply outside
>  mtu outside 1500
>  mtu inside 1500
>  ip address outside 66.243.86.213 255.255.255.240
>  ip address inside 10.0.0.1 255.0.0.0
>  ip audit info action alarm
>  ip audit attack action alarm
>  ip local pool m3vpnpool 192.168.100.10-192.168.100.30
>  pdm location 10.0.0.8 255.255.255.255 inside
>  pdm location 10.0.0.7 255.255.255.255 inside
>  pdm history enable
>  arp timeout 14400
>  global (outside) 1 interface
>  nat (inside) 0 access-list inside_outbound_nat0_acl
>  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
>  static (inside,outside) 66.243.86.215 10.0.0.19 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.214 10.0.0.25 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.216 10.0.0.7 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.210 10.0.0.5 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.212 10.0.0.9 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.218 10.0.0.11 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.217 10.0.0.10 netmask 255.255.255.255 0 0
>  static (inside,outside) 66.243.86.211 kitchen netmask 255.255.255.255 0 0
>  access-group 101 in interface outside
>  access-group acl_inside in interface inside
>  route outside 0.0.0.0 0.0.0.0 66.243.86.209 2
>  timeout xlate 3:00:00
>  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
>  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
>  timeout uauth 0:05:00 absolute
>  aaa-server TACACS+ protocol tacacs+
>  aaa-server RADIUS protocol radius
>  aaa-server LOCAL protocol local
>  aaa-server m3aaa protocol radius
>  aaa-server m3aaa (inside) host 10.0.0.7 12626123 timeout 5
>  http server enable
>  http 10.0.0.8 255.255.255.255 inside
>  no snmp-server location
>  no snmp-server contact
>  snmp-server community public
>  no snmp-server enable traps
>  floodguard enable
>  sysopt connection permit-ipsec
>  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
>  crypto ipsec security-association lifetime seconds 900
>  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
>  crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800 kilobytes 4608000
>  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
>  crypto map outside_map client authentication m3aaa
>  crypto map outside_map interface outside
>  isakmp enable outside
>  isakmp nat-traversal 20
>  isakmp policy 20 authentication pre-share
>  isakmp policy 20 encryption 3des
>  isakmp policy 20 hash md5
>  isakmp policy 20 group 2
>  isakmp policy 20 lifetime 86400
>  vpngroup m3vpn address-pool m3vpnpool
>  vpngroup m3vpn dns-server 10.0.0.3 10.0.0.4
>  vpngroup m3vpn wins-server 10.0.0.3 10.0.0.4
>  vpngroup m3vpn split-tunnel outside_cryptomap_dyn_20
>  vpngroup m3vpn idle-time 1800
>  vpngroup m3vpn max-time 86400
>  vpngroup m3vpn password ********
>  telnet 10.0.0.0 255.0.0.0 inside
>  telnet 10.0.0.1 255.255.255.255 inside
>  telnet timeout 5
>  ssh timeout 60
>  management-access inside
>  console timeout 0
>  terminal width 80
>  Cryptochecksum:e901df9316d70033caae435b5e05db6b
>  : end
>
 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/PIX_Firewall/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/PIX_Firewall/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:PIX_Firewall-digest@yahoogroups.com
    mailto:PIX_Firewall-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    PIX_Firewall-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 

RE: cisco 2811 to 506e NOT WORKING
user name
2007-01-22 12:03:25


Yes, I'm sure of that ... working with my ISP to that end.

thanks,
sandy

Brian McDonald <bmghosthotmail.com> wrote:




Are you sure the route outside is pointing to the right IP address?

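
The two checks suggested in this thread (is the `route outside` next hop actually on the outside subnet, and is an interface left on `auto`), run against the relevant lines of the posted configuration. This is an added example, not part of the original posts; the function names `parse` and `check` are hypothetical, and the parser reads only the PIX 6.3 statement formats shown in the thread.

```python
import ipaddress

# Lines copied from the PIX 6.3 configuration posted in the thread (only what the checks read).
PIX_CONFIG = """\
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 66.243.86.213 255.255.255.240
ip address inside 10.0.0.1 255.0.0.0
route outside 0.0.0.0 0.0.0.0 66.243.86.209 2
"""

def parse(config):
    """Collect hardware speed, nameif bindings, interface addresses and routes."""
    speed, names, addrs, routes = {}, {}, {}, []
    for line in config.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "interface":
            speed[f[1]] = f[2]                       # ethernet0 -> auto
        elif len(f) >= 3 and f[0] == "nameif":
            names[f[2]] = f[1]                       # outside -> ethernet0
        elif len(f) == 5 and f[:2] == ["ip", "address"]:
            addrs[f[2]] = ipaddress.ip_interface(f"{f[3]}/{f[4]}")
        elif len(f) >= 5 and f[0] == "route":
            routes.append((f[1], ipaddress.ip_address(f[4])))
    return speed, names, addrs, routes

def check(config):
    """Return findings for the duplex and next-hop questions raised in the thread."""
    speed, names, addrs, routes = parse(config)
    findings = []
    for ifname, hw in names.items():
        # A port left on auto facing a hard-set peer is the classic duplex mismatch.
        if speed.get(hw) == "auto":
            findings.append(f"{ifname} ({hw}) is set to auto: compare with the peer port")
    for ifname, gw in routes:
        iface = addrs.get(ifname)
        if iface is None:
            findings.append(f"route via {gw}: interface {ifname} has no address")
        elif gw not in iface.network:
            findings.append(f"route via {gw}: not in {iface.network} on {ifname}")
        elif gw in (iface.ip, iface.network.network_address,
                    iface.network.broadcast_address):
            findings.append(f"route via {gw}: not a usable next hop on {ifname}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(PIX_CONFIG)) or "no findings")
```

On the posted lines the next hop 66.243.86.209 falls inside 66.243.86.208/28, so the only finding is the outside interface left on `auto`.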
