PIX firewall internet problem

Tags:
Cisco PIX Firewall
Firewall configuration
Firewalls
PIX
PIX 515E
Hello, this is my PIX firewall 515E configuration.

    Password:
    Type help or '?' for a list of available commands.
    pixfirewall> en
    Password:
    pixfirewall# show runn
    : Saved
    :
    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password passwd
    hostname pixfirewall
    domain-name 192.168.0.230
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 192.168.0.144 xxx
    name 192.168.0.8 xxx
    name 192.168.0.11 xxx
    name 192.168.0.37 xxx
    name 192.168.0.41 xxx
    name 192.168.0.32 xxx
    object-group network net
    access-list yyyyy permit ip any host 192.168.1.2
    access-list yyyyy permit icmp any any
    access-list yyyyy permit ip any host 192.168.0.236
    access-list yyyyy permit ip any host 192.168.0.235
    access-list yyyyy permit ip any host 192.168.0.230
    access-list yyyyy permit ip any host 192.168.0.231
    access-list yyyyy permit ip any host 192.168.0.118
    access-list yyyyy permit ip any host 192.168.0.243
    access-list yyyyy permit ip any host 192.168.0.121
    access-list yyyyy permit ip any host 192.168.0.120
    access-list yyyyy permit ip any host 192.168.0.141
    access-list yyyyy permit ip any host 192.168.0.241
    access-list yyyyy permit ip any host 192.168.0.242
    access-list yyyyy permit ip any host 192.168.0.240
    access-list yyyyy permit ip any host 192.168.0.200
    access-list yyyyy permit ip any host 192.168.0.245
    access-list yyyyy permit ip any host 192.168.0.4
    access-list yyyyy permit ip any host 202.163.121.60
    access-list yyyyy permit ip any host 202.163.121.61
    access-list yyyyy permit ip any host 202.163.121.62
    access-list internet deny tcp host 192.168.0.15 any eq www
    access-list internet deny tcp host xxx any eq www
    access-list internet deny tcp host 192.168.0.26 any eq www
    access-list internet deny tcp host 192.168.0.27 any eq www
    access-list internet deny tcp host xxx any eq www
    access-list internet deny tcp host xxx any eq www
    access-list internet deny tcp host 192.168.0.43 any eq www
    access-list internet deny tcp host 192.168.0.44 any eq www
    access-list internet deny tcp host 192.168.0.47 any eq www
    access-list internet deny tcp host 192.168.0.48 any eq www
    access-list internet deny tcp host 192.168.0.49 any eq www
    access-list internet deny tcp host 192.168.0.50 any eq www
    access-list internet deny tcp host 192.168.0.52 any eq www
    access-list internet deny tcp host 192.168.0.53 any eq www
    access-list internet deny tcp host 192.168.0.54 any eq www
    access-list internet deny tcp host 192.168.0.55 any eq www
    access-list internet deny tcp host 192.168.0.56 any eq www
    access-list internet deny tcp host 192.168.0.57 any eq www
    access-list internet deny tcp host 192.168.0.58 any eq www
    access-list internet deny tcp host 192.168.0.72 any eq www
    access-list internet deny tcp host 192.168.0.75 any eq www
    access-list internet deny tcp host 192.168.0.76 any eq www
    access-list internet deny tcp host 192.168.0.77 any eq www
    access-list internet deny tcp host 192.168.0.78 any eq www
    access-list internet deny tcp host 192.168.0.80 any eq www
    access-list internet deny tcp host 192.168.0.81 any eq www
    access-list internet deny tcp host 192.168.0.84 any eq www
    access-list internet deny tcp host 192.168.0.85 any eq www
    access-list internet deny tcp host 192.168.0.86 any eq www
    access-list internet deny tcp host 192.168.0.87 any eq www
    access-list internet deny tcp host 192.168.0.88 any eq www
    access-list internet deny tcp host 192.168.0.46 any eq www
    access-list internet deny tcp host 192.168.0.98 any eq www
    access-list internet deny tcp host 192.168.0.74 any eq www
    access-list internet deny tcp host 192.168.0.21 any eq www
    access-list internet deny tcp host 192.168.0.23 any eq www
    access-list internet deny tcp host 192.168.0.99 any eq www
    access-list internet deny tcp host 192.168.0.100 any eq www
    access-list internet deny tcp host 192.168.0.102 any eq www
    access-list internet deny tcp host 192.168.0.104 any eq www
    access-list internet deny tcp host 192.168.0.133 any eq www
    access-list internet deny tcp host 192.168.0.134 any eq www
    access-list internet deny tcp host 192.168.0.129 any eq www
    access-list internet deny tcp host 192.168.0.132 any eq www
    access-list internet deny tcp host 192.168.0.153 any eq www
    access-list internet deny tcp host 192.168.0.154 any eq www
    access-list internet deny tcp host 192.168.0.105 any eq www
    access-list internet deny tcp host 192.168.0.59 any eq www
    access-list internet deny tcp host 192.168.0.60 any eq www
    access-list internet deny tcp host xxx any eq www
    access-list internet deny tcp host xxx any eq www
    access-list internet deny tcp host 192.168.0.12 any eq www
    access-list internet deny tcp host 192.168.0.17 any eq www
    access-list internet deny tcp host 192.168.0.24 any eq www
    access-list internet deny tcp host 192.168.0.63 any eq www
    access-list internet deny tcp host 192.168.0.65 any eq www
    access-list internet deny tcp host 192.168.0.66 any eq www
    access-list internet deny tcp host 192.168.0.67 any eq www
    access-list internet deny tcp host 192.168.0.70 any eq www
    access-list internet deny tcp host 192.168.0.90 any eq www
    access-list internet deny tcp host 192.168.0.64 any eq www
    access-list internet deny tcp host 192.168.0.94 any eq www
    access-list internet deny tcp host 192.168.0.19 any eq www
    access-list internet deny tcp host 192.168.0.170 any eq www
    access-list internet deny tcp host 192.168.0.148 any eq www
    access-list internet deny tcp host 192.168.0.183 any eq www
    access-list internet deny tcp host 192.168.0.181 any eq www
    access-list internet deny tcp host 192.168.0.182 any eq www
    access-list internet deny tcp host 192.168.0.184 any eq www
    access-list internet deny tcp host 192.168.0.185 any eq www
    access-list internet deny tcp host 192.168.0.186 any eq www
    access-list internet deny tcp host 192.168.0.187 any eq www
    access-list internet deny tcp host 192.168.0.188 any eq www
    access-list internet deny tcp host 192.168.0.189 any eq www
    access-list internet deny tcp host 192.168.0.190 any eq www
    access-list internet deny tcp host 192.168.0.191 any eq www
    access-list internet deny tcp host 192.168.0.192 any eq www
    access-list internet deny tcp host 192.168.0.193 any eq www
    access-list internet deny tcp host 192.168.0.194 any eq www
    access-list internet deny tcp host 192.168.0.195 any eq www
    access-list internet deny tcp host 192.168.0.196 any eq www
    access-list internet deny tcp host 192.168.0.197 any eq www
    access-list internet deny tcp host 192.168.0.198 any eq www
    access-list internet deny tcp host 192.168.0.199 any eq www
    access-list internet deny tcp host 192.168.0.29 any eq www
    access-list internet deny tcp host 192.168.0.30 any eq www
    access-list internet deny tcp host 192.168.0.35 any eq www
    access-list internet deny tcp host 192.168.0.36 any eq www
    access-list internet permit ip any any
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.11
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.12
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.13
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.14
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.15
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.16
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.17
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.18
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.19
    access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.20
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside (Public IP) 255.255.255.248
    ip address inside 192.168.0.250 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 111 192.168.0.248
    global (outside) 1 (PublicIP)
    nat (inside) 0 access-list 111
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 192.168.0.230 192.168.0.230 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.231 192.168.0.231 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.236 192.168.0.236 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.235 192.168.0.235 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.243 192.168.0.243 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.121 192.168.0.121 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.240 192.168.0.240 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.200 192.168.0.200 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.245 192.168.0.245 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.4 192.168.0.4 netmask 255.255.255.255 0 0
    static (inside,outside) 202.163.121.60 192.168.0.4 netmask 255.255.255.255 0 0
    static (inside,outside) 202.163.121.61 192.168.0.232 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.242 192.168.0.242 netmask 255.255.255.255 0 0
    static (inside,outside) 192.168.0.241 192.168.0.241 netmask 255.255.255.255 0 0
    access-group yyyyy in interface outside
    access-group internet in interface inside
    conduit permit icmp any any
    route outside 0.0.0.0 0.0.0.0 Router Interface Public IP 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    tftp-server inside xxxx tftp-root
    floodguard enable
    telnet (Public IP) 255.255.255.248 outside
    telnet 192.168.0.0 255.255.255.0 inside
    telnet (Router Interface IP) 255.255.255.255 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    pixfirewall#

My question is: I want to allow internet on this IP, 192.168.0.231. How can I do so? I have done this:

    no access-list yyyyy permit ip any host 192.168.0.231

and

    no static (inside,outside) 192.168.0.231 192.168.0.231 netmask 255.255.255.255 0 0

but in vain. Please help me.

Software/Hardware used:
Pix firewall 6.3

Answer Wiki


I’m not sure how to fix this, but I did a quick Google search and found this link…

http://www.secmanager.com/how_to_configure_pix_firewall_part2

Is it helpful at all? Hope this helps.

You could always try copying the settings for a computer that has the permissions you want to give to the IP 192.168.0.231 computer.

Discuss This Question: 3  Replies

 
  • Koohiisan
    Putting "no" at the beginning of a statement removes it from the config...so..."no access-list yyyy permit..." removes that entry totally (I've seen it remove the whole access-list too, so be careful!). Maybe you need to add "access-list internet permit ip any host 192.168.0.231", except it seems that you are already allowing all after your deny statements. Are you sure the configuration on the PC is correct, and that the firewall is the issue?
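The observation in the reply above, that the `internet` ACL already allows everything after its deny entries, can be checked by evaluating the list in order. This is an added example, not part of the original thread: a small Python first-match evaluator run over a constructed excerpt of the posted ACL. The destination address 203.0.113.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed excerpt of the posted "internet" ACL (bound inbound on the inside interface).
ACL = """\
access-list internet deny tcp host 192.168.0.15 any eq www
access-list internet deny tcp host 192.168.0.26 any eq www
access-list internet deny tcp host 192.168.0.36 any eq www
access-list internet permit ip any any
"""
PORTS = {"www": 80}  # named ports used in the excerpt

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A MASK' from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_acl(text, name):
    """Return the entries of ACL `name` in configuration order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", name]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((action, proto, src, dst, port, line))
    return rules

def first_match(rules, proto, src, dst, dport):
    """ACLs are evaluated top-down; the first matching entry decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport, line in rules:
        if rproto not in ("ip", proto):
            continue
        if s in rsrc and d in rdst and rport in (None, dport):
            return action, line
    return "deny", "(implicit deny at end of list)"

if __name__ == "__main__":
    rules = parse_acl(ACL, "internet")
    for host in ("192.168.0.231", "192.168.0.15"):
        print(host, first_match(rules, "tcp", host, "203.0.113.10", 80))
```

Since 192.168.0.231 has no deny entry, it falls through to the final `permit ip any any`, so the inside ACL is not what blocks it.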
  • Uzairahmad
    thanks
