PIX 515E Changing from DSL to Cable ISP


Post by sintra » Sun, 30 May 2010 07:59:54


IOS Version 6.2

I cannot access the internet using my new cable modem and the settings
below.

I'm not sure of the exact number of static IPs we were allotted by the
DSL provider (someone may be able to determine it from the
configuration below), but we have 6 with the cable company; 199-204.
Aside from the changes in the IPs and how they affect static routes,
access-lists, and gateways, there must be a setting I'm missing. One
thing I did notice is that the ISPs differ on how they've subnetted the
IPs I've been given. DSL gave me my own subnet (255.255.255.248) for
my x # of addresses. The cable provider gave me 6 addresses with a
255.255.252.0 mask. Below are the snippets, before and after.

DSL - (Apparently using addresses 11.16.146.89 - 11.16.146.94 w/ .89
being the gateway)
nameif ethernet0 outside security0
ip address outside 11.16.146.90 255.255.255.248
global (outside) 1 11.16.146.92-11.16.146.93 netmask 255.255.255.248
global (outside) 1 11.16.146.94 netmask 255.255.255.248
static (inside,outside) tcp 11.16.146.91 ssh 10.6.18.10 ssh netmask 255.255.255.255 0 0
access-list inbound permit tcp any host 11.16.146.91 eq ssh
access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 11.16.146.89 1
route inside 192.168.0.0 255.255.255.0 10.6.18.9 1

CABLE - (static ips 205.213.231.199 - 205.213.231.204, netmask
255.255.252.0, gateway 205.213.228.1)
nameif ethernet0 outside security0
ip address outside 205.213.231.199 255.255.252.0
global (outside) 1 205.213.231.200-205.213.231.203 netmask 255.255.252.0
global (outside) 1 205.213.231.204 netmask 255.255.252.0
static (inside,outside) tcp 205.213.231.200 ssh 10.6.18.10 ssh netmask 255.255.255.255 0 0
access-list inbound permit tcp any host 205.213.231.200 eq ssh
access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 205.213.228.1 1
route inside 192.168.0.0 255.255.255.0 10.6.18.9 1

My guess is that there is either a problem with NAT/PAT or the weird
subnet mask (supernetted class C) is causing me problems. You'll
notice from the last config line that my cable ISP's gateway would be
in a different subnet if this were a true class C. Can anyone tell
where I went wrong or what I should try? I tried to include all
relevant lines, which are all the ones that I've changed.

Thanks,
Paul
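
As an added example (not part of the original post): a Python check of the cable-side lines quoted above, testing whether the default gateway and the global/static addresses fall inside the outside interface's subnet under the 255.255.252.0 mask, and how that changes with a 255.255.255.0 mask. The function names are hypothetical, and the regular expressions assume only the PIX 6.x line formats shown in the post.

```python
import ipaddress
import re

# Cable-side lines copied from the post above (wrapped lines rejoined).
CABLE_CONFIG = """\
ip address outside 205.213.231.199 255.255.252.0
global (outside) 1 205.213.231.200-205.213.231.203 netmask 255.255.252.0
global (outside) 1 205.213.231.204 netmask 255.255.252.0
static (inside,outside) tcp 205.213.231.200 ssh 10.6.18.10 ssh netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 205.213.228.1 1
"""

def outside_interface(config):
    """Return the outside interface as an ipaddress.IPv4Interface."""
    m = re.search(r"^ip address outside (\S+) (\S+)$", config, re.M)
    if m is None:
        raise ValueError("no 'ip address outside' line found")
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")

def check_outside_addressing(config):
    """Return (kind, address, on_link) for every outside-facing address."""
    net = outside_interface(config).network
    results = []
    for line in config.splitlines():
        if m := re.match(r"route outside \S+ \S+ (\S+)", line):
            found = [("gateway", m.group(1))]
        elif m := re.match(r"global \(outside\) \d+ (\S+?)(?:-(\S+))? netmask", line):
            found = [("global", a) for a in m.groups() if a]
        elif m := re.match(r"static \(inside,outside\) (?:tcp |udp )?(\S+)", line):
            found = [("static", m.group(1))]
        else:
            continue
        for kind, addr in found:
            results.append((kind, addr, ipaddress.ip_address(addr) in net))
    return results

def gateway_on_link(interface_ip, mask, gateway):
    """True if the gateway is directly reachable from interface_ip/mask."""
    net = ipaddress.ip_interface(f"{interface_ip}/{mask}").network
    return ipaddress.ip_address(gateway) in net

if __name__ == "__main__":
    print("outside network:", outside_interface(CABLE_CONFIG).network)
    for kind, addr, ok in check_outside_addressing(CABLE_CONFIG):
        print(f"{kind:8} {addr:16} {'on-link' if ok else 'NOT in outside subnet'}")
    # Same interface address with a /24 mask, for comparison.
    print("gateway on-link with 255.255.255.0:",
          gateway_on_link("205.213.231.199", "255.255.255.0", "205.213.228.1"))
```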
 
 
 


Post by alex » Sun, 30 May 2010 18:28:31


First thing I would try is plug a PC into your cable modem and just
check you can get on the internet.

--
10:26:34 up 31 days, 11:12, 2 users, load average: 0.39, 0.96, 0.98
It is better to have been wasted and then sober
than to never have been wasted at all

 
 
 


Post by sintra » Mon, 31 May 2010 22:33:43


Right, sure. I can connect fine without the firewall using all of my
static IPs from the cable ISP. Does anyone else see a problem in the
configuration? Extra or omitted line?
 
 
 


Post by sintra » Mon, 31 May 2010 22:38:41


Is it necessary to run a 'clear xlate' after changing the NAT/PAT
settings? I just happened upon that and I can't remember if I did
that.