PIX 515E Changing from DSL to Cable ISP
in [Cisco]
|
From: sintral on 28 May 2010 18:59 IOS Version 6.2 I cannot access the internet using my new cable modem and the settings below. I'm not sure the exact amount of static IPs we were allotted by the DSL provider (someone may be able to determine it from the configuration below), but we have 6 with the cable company; 199-204. Aside from the changes in the IPs and how they affect static routes, access-lists, and gateways, there must be a setting I'm missing. One thing I did notice is the the ISPs differ on how they've subnetted the IPs I've been given. DSL gave me my own subnet (255.255.255.248) for my x # of addresses. The cable provider gave me 6 addresses with a 255.255.252.0 mask. Below are the snippets, before and after. DSL - (Apparently using addresses 11.16.146.89 - 11.16.146.94 w/ .89 being the gateway) nameif ethernet0 outside security0 ip address outside 11.16.146.90 255.255.255.248 global (outside) 1 11.16.146.92-68.16.146.93 netmask 255.255.255.248 global (outside) 1 11.16.146.94 netmask 255.255.255.248 static (inside,outside) tcp 11.16.146.91 ssh 10.6.18.10 ssh netmask 255.255.255.255 0 0 access-list inbound permit tcp any host 11.16.146.91 eq ssh access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0 nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 11.16.146.89 1 route inside 192.168.0.0 255.255.255.0 10.6.18.9 1 CABLE - (static ips 205.213.231.199 - 205.213.231-204, netmask 255.255.252.0, gateway 205.213.228.1) nameif ethernet0 outside security0 ip address outside 205.213.231.199 255.255.252.0 global (outside) 1 205.213.231.200-205.213.231.203 netmask 255.255.252.0 global (outside) 1 205.213.231.204 netmask 255.255.252.0 static (inside,outside) tcp 205.213.231.200 ssh 10.6.18.10 ssh netmask 255.255.255.255 0 0 access-list inbound permit tcp any host 205.213.231.200 eq ssh access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0 nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 205.213.228.1 1 route inside 192.168.0.0 255.255.255.0 10.6.18.9 1 My guess is that there is either a problem with NAT/PAT or the weird subnet mask (supernetted class C) is causing me problems. You'll notice from the last config line that my cable ISP's gateway would be in a different subnet if this were a true class C. Can anyone tell where I went wrong or what I should try? I tried to include all relevant lines, which are all the ones that I've changed. Thanks, Paul
From: alexd on 29 May 2010 05:28 On 28/05/10 23:59, sintral wrote: > Can anyone tell where I went wrong or what I should try? First thing I would try is plug a PC into your cable modem and just check you can get on the internet. -- <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx) 10:26:34 up 31 days, 11:12, 2 users, load average: 0.39, 0.96, 0.98 It is better to have been wasted and then sober than to never have been wasted at all
From: sintral on 30 May 2010 09:33 On May 29, 5:28 am, alexd <troffa...(a)hotmail.com> wrote: > On 28/05/10 23:59, sintral wrote: > > > Can anyone tell where I went wrong or what I should try? > > First thing I would try is plug a PC into your cable modem and just > check you can get on the internet. > Right, sure. I can connect fine without the firewall using all of my static IPs from the cable ISP. Does anyone else see a problem in the configuration? Extra or omitted line?
From: sintral on 30 May 2010 09:38 On May 30, 9:33 am, sintral <sint...(a)gmail.com> wrote: > On May 29, 5:28 am, alexd <troffa...(a)hotmail.com> wrote:> On 28/05/10 23:59, sintral wrote: > > > > Can anyone tell where I went wrong or what I should try? > > > First thing I would try is plug a PC into your cable modem and just > > check you can get on the internet. > > Right, sure. I can connect fine without the firewall using all of my > static IPs from the cable ISP. Does anyone else see a problem in the > configuration? Extra or omitted line? Is it necessary to run a 'clear xlate' after changing the NAT/PAT settings? I just happened up on that and I can't remember if I did that.
|
Pages: 1 Prev: pix 515 version 6.3 vs. 8.0 PAT Next: I AM BUYING THE BEOW CISCO AND MORE. |