Question : Allowing NTP through PIX 501
ISP/DSL -->Wireless Router PIX 501 Cisco 2610
Problem: I am able to reach the Internet from the PIX but not able to reach the Internet or synchronize ntp on the Cisco 2610.
PIX 501 Config:
PIX Version 6.3(4)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
clock timezone EST -5
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list from_outside permit udp host 66.150.161.140 192.168.1.0 255.255.255.0 eq ntp
access-list from_outside permit icmp any any
access-list from_outside permit ip any any
access-list from_inside permit udp 192.168.1.0 255.255.255.0 any eq ntp
access-list from_inside permit icmp any any
access-list from_inside permit ip any any
pager lines 24
logging on
logging timestamp
logging monitor warnings
logging buffered warnings
logging trap warnings
logging history warnings
logging host inside 192.168.1.21
icmp permit any outside
icmp permit any inside
mtu outside 1300
mtu inside 1300
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 66.150.161.140 192.168.1.32 netmask 255.255.255.255 0 0
access-group from_outside in interface outside
access-group from_inside in interface inside
route outside 0.0.0.0 0.0.0.0 interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
ntp server 130.207.244.240 key 1660 source outside prefer
snmp-server location Home
snmp-server contact MP
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
terminal width 80
Cryptochecksum:3c20046872af31f07ae2dcf400aa5961
: end
Cisco 2610 Config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
logging buffered 4096 debugging
no logging console
!
ip subnet-zero
!
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.32 255.255.255.0
 full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
ip pim bidir-enable
!
!
voice-port 1/0/0
!
voice-port 1/0/1
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 logging synchronous
 login
!
ntp source Ethernet0/0
ntp server 66.150.161.140 prefer
end
Answer : Allowing NTP through PIX 501
PAQed with points refunded (125)
modulo Community Support Moderator