 Setting up PIX535 but no network connection at all
I am setting up a spare firewall on an old PIX 535. I reset the box to factory default, assigned the inside interface an IP address and used a crossover cable for a laptop to connect to the PIX. The problem is I am not able to ping the firewall from the laptop or vice versa. There is no ACL on the PIX. What could go wrong?

The PIX is now on 6.3(3). I hate the old IOS. I am trying to update it to 8.0, but the first thing I need is network access. The interface is not shut down and it has an IP address assigned. What could possibly cause the default settings to be without network access?



Software/Hardware used:
PIX 535 on 6.3(3)
ASKED: May 19, 2010  7:18 PM
UPDATED: August 19, 2010  2:57 PM

Answer Wiki:
There could be a bunch of issues. Have you tested to see if your crossover cable is good? Have you checked the "show interface" command to see what the interface is reporting? Have you checked the logs while trying to ping to see if it is rejecting the packet? Double-checked your IPs to make sure your laptop and PIX are in the same IP range with correct subnet info? Also, if you post your config on here we might be able to see what is wrong with the setup. Hope that helps. Ryan Gunther http://www.onlinetech.com
Last Wiki Answer Submitted:  May 19, 2010  8:10 pm  by  RGunther   650 pts.


Discuss This Question:


 

I seem to remember that this is default behavior on the device for this IOS. Don’t quote me on this, but I think I have seen this before. If you can telnet or SSH to the box, then it is reachable. ICMP is disabled by default.

 32,645 pts.

 

Thanks for helping.
- The crossover cable is good. Tried a couple of cables already.
- show interface says it’s up and received 257 packets, but all of them are broadcast packets. Looks like my ping didn’t get through.
- logging is disabled by default. I have it enabled. Set logging console, but need to set the level. What level of logging should I set? I don’t like the old IOS.
- IPs are in the same subnet.
- telnet to pix doesn’t work either.

Here is the config:
======================
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password 5L9eZV6A9wv9aP67 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname wt-firewall
domain-name sasaki.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
logging on
logging console notifications
mtu outside 1500
mtu inside 1500
mtu dmz 1500
no ip address outside
ip address inside 172.16.1.2 255.255.252.0
no ip address dmz
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 172.16.1.120 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:14e87e62598e3dc396ccae4a12816122
: end

 95 pts.
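
An added example, not part of the original thread: the posted configuration has a single `http` source entry on the inside interface and no `telnet` or `ssh` source entries, and PIX 6.3 accepts management sessions only from listed sources. The Python sketch below audits that, assuming the `service address netmask if_name` line form seen in the post; the function names and the client addresses are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the lines from the posted config that matter here.
SAMPLE_CONFIG = """\
no ip address outside
ip address inside 172.16.1.2 255.255.252.0
http server enable
http 172.16.1.120 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"
IFACE_RE = re.compile(rf"^ip address (\S+) {ADDR} {ADDR}$")
MGMT_RE = re.compile(rf"^(telnet|ssh|http) {ADDR} {ADDR} (\S+)$")


def parse(config):
    """Return ({ifname: IPv4Interface}, [(service, IPv4Network, ifname)])."""
    interfaces, rules = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := IFACE_RE.match(line):
            interfaces[m[1]] = ipaddress.ip_interface(f"{m[2]}/{m[3]}")
        elif m := MGMT_RE.match(line):
            # strict=False tolerates host bits set in the configured address
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            rules.append((m[1], net, m[4]))
    return interfaces, rules


def management_access(config, client_ip, ifname="inside"):
    """Report subnet membership and which services list client_ip as a source."""
    interfaces, rules = parse(config)
    client = ipaddress.ip_address(client_ip)
    iface = interfaces.get(ifname)
    allowed = sorted({svc for svc, net, name in rules
                      if name == ifname and client in net})
    return {
        "same_subnet": iface is not None and client in iface.network,
        "allowed_services": allowed,
    }


if __name__ == "__main__":
    for ip in ("172.16.1.120", "172.16.2.50", "172.16.4.10"):  # constructed clients
        print(ip, management_access(SAMPLE_CONFIG, ip))
```

An empty `allowed_services` for an address inside the subnet means the configuration lists no management source covering that client, which is separate from any cabling or addressing problem.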