# pix firewall 515E internet problem



## uzairsiddiqui (Apr 2, 2011)

Hello,
This is my PIX Firewall 515E configuration.

Password:
Type help or '?' for a list of available commands.
pixfirewall> en
Password: 
pixfirewall# show runn
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 
passwd 
hostname pixfirewall
domain-name 192.168.0.230
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.0.144 xxx
name 192.168.0.8 xxx
name 192.168.0.11 xxx
name 192.168.0.37 xxx
name 192.168.0.41 xxx
name 192.168.0.32 xxx
object-group network net
access-list yyyyy permit ip any host 192.168.1.2
access-list yyyyy permit icmp any any
access-list yyyyy permit ip any host 192.168.0.236
access-list yyyyy permit ip any host 192.168.0.235
access-list yyyyy permit ip any host 192.168.0.230
access-list yyyyy permit ip any host 192.168.0.231
access-list yyyyy permit ip any host 192.168.0.118
access-list yyyyy permit ip any host 192.168.0.243
access-list yyyyy permit ip any host 192.168.0.121
access-list yyyyy permit ip any host 192.168.0.120
access-list yyyyy permit ip any host 192.168.0.141
access-list yyyyy permit ip any host 192.168.0.241
access-list yyyyy permit ip any host 192.168.0.242
access-list yyyyy permit ip any host 192.168.0.240
access-list yyyyy permit ip any host 192.168.0.200
access-list yyyyy permit ip any host 192.168.0.245
access-list yyyyy permit ip any host 192.168.0.4
access-list yyyyy permit ip any host 202.163.121.60
access-list yyyyy permit ip any host 202.163.121.61
access-list yyyyy permit ip any host 202.163.121.62
access-list internet deny tcp host 192.168.0.15 any eq www
access-list internet deny tcp host xxx any eq www
access-list internet deny tcp host 192.168.0.26 any eq www
access-list internet deny tcp host 192.168.0.27 any eq www
access-list internet deny tcp host xxx any eq www
access-list internet deny tcp host xxx any eq www
access-list internet deny tcp host 192.168.0.43 any eq www
access-list internet deny tcp host 192.168.0.44 any eq www
access-list internet deny tcp host 192.168.0.47 any eq www
access-list internet deny tcp host 192.168.0.48 any eq www
access-list internet deny tcp host 192.168.0.49 any eq www
access-list internet deny tcp host 192.168.0.50 any eq www
access-list internet deny tcp host 192.168.0.52 any eq www
access-list internet deny tcp host 192.168.0.53 any eq www
access-list internet deny tcp host 192.168.0.54 any eq www
access-list internet deny tcp host 192.168.0.55 any eq www
access-list internet deny tcp host 192.168.0.56 any eq www
access-list internet deny tcp host 192.168.0.57 any eq www
access-list internet deny tcp host 192.168.0.58 any eq www
access-list internet deny tcp host 192.168.0.72 any eq www
access-list internet deny tcp host 192.168.0.75 any eq www
access-list internet deny tcp host 192.168.0.76 any eq www
access-list internet deny tcp host 192.168.0.77 any eq www
access-list internet deny tcp host 192.168.0.78 any eq www
access-list internet deny tcp host 192.168.0.80 any eq www
access-list internet deny tcp host 192.168.0.81 any eq www
access-list internet deny tcp host 192.168.0.84 any eq www
access-list internet deny tcp host 192.168.0.85 any eq www
access-list internet deny tcp host 192.168.0.86 any eq www
access-list internet deny tcp host 192.168.0.87 any eq www
access-list internet deny tcp host 192.168.0.88 any eq www
access-list internet deny tcp host 192.168.0.46 any eq www
access-list internet deny tcp host 192.168.0.98 any eq www
access-list internet deny tcp host 192.168.0.74 any eq www
access-list internet deny tcp host 192.168.0.21 any eq www
access-list internet deny tcp host 192.168.0.23 any eq www
access-list internet deny tcp host 192.168.0.99 any eq www
access-list internet deny tcp host 192.168.0.100 any eq www
access-list internet deny tcp host 192.168.0.102 any eq www
access-list internet deny tcp host 192.168.0.104 any eq www
access-list internet deny tcp host 192.168.0.133 any eq www
access-list internet deny tcp host 192.168.0.134 any eq www
access-list internet deny tcp host 192.168.0.129 any eq www
access-list internet deny tcp host 192.168.0.132 any eq www
access-list internet deny tcp host 192.168.0.153 any eq www
access-list internet deny tcp host 192.168.0.154 any eq www
access-list internet deny tcp host 192.168.0.105 any eq www
access-list internet deny tcp host 192.168.0.59 any eq www
access-list internet deny tcp host 192.168.0.60 any eq www
access-list internet deny tcp host xxx any eq www
access-list internet deny tcp host xxx any eq www
access-list internet deny tcp host 192.168.0.12 any eq www
access-list internet deny tcp host 192.168.0.17 any eq www
access-list internet deny tcp host 192.168.0.24 any eq www
access-list internet deny tcp host 192.168.0.63 any eq www
access-list internet deny tcp host 192.168.0.65 any eq www
access-list internet deny tcp host 192.168.0.66 any eq www
access-list internet deny tcp host 192.168.0.67 any eq www
access-list internet deny tcp host 192.168.0.70 any eq www
access-list internet deny tcp host 192.168.0.90 any eq www
access-list internet deny tcp host 192.168.0.64 any eq www
access-list internet deny tcp host 192.168.0.94 any eq www
access-list internet deny tcp host 192.168.0.19 any eq www
access-list internet deny tcp host 192.168.0.170 any eq www
access-list internet deny tcp host 192.168.0.148 any eq www
access-list internet deny tcp host 192.168.0.183 any eq www
access-list internet deny tcp host 192.168.0.181 any eq www
access-list internet deny tcp host 192.168.0.182 any eq www
access-list internet deny tcp host 192.168.0.184 any eq www
access-list internet deny tcp host 192.168.0.185 any eq www
access-list internet deny tcp host 192.168.0.186 any eq www
access-list internet deny tcp host 192.168.0.187 any eq www
access-list internet deny tcp host 192.168.0.188 any eq www
access-list internet deny tcp host 192.168.0.189 any eq www
access-list internet deny tcp host 192.168.0.190 any eq www
access-list internet deny tcp host 192.168.0.191 any eq www
access-list internet deny tcp host 192.168.0.192 any eq www
access-list internet deny tcp host 192.168.0.193 any eq www
access-list internet deny tcp host 192.168.0.194 any eq www
access-list internet deny tcp host 192.168.0.195 any eq www
access-list internet deny tcp host 192.168.0.196 any eq www
access-list internet deny tcp host 192.168.0.197 any eq www
access-list internet deny tcp host 192.168.0.198 any eq www
access-list internet deny tcp host 192.168.0.199 any eq www
access-list internet deny tcp host 192.168.0.29 any eq www
access-list internet deny tcp host 192.168.0.30 any eq www
access-list internet deny tcp host 192.168.0.35 any eq www
access-list internet deny tcp host 192.168.0.36 any eq www
access-list internet permit ip any any
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.11
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.12
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.13
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.14
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.15
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.16
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.17
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.18
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.19
access-list 111 permit ip 192.168.0.0 255.255.255.0 host 172.16.0.20
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside (Public IP) 255.255.255.248
ip address inside 192.168.0.250 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 111 192.168.0.248
global (outside) 1 (PublicIP)
nat (inside) 0 access-list 111
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.0.230 192.168.0.230 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.231 192.168.0.231 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.236 192.168.0.236 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.235 192.168.0.235 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.243 192.168.0.243 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.121 192.168.0.121 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.240 192.168.0.240 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.200 192.168.0.200 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.245 192.168.0.245 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.4 192.168.0.4 netmask 255.255.255.255 0 0
static (inside,outside) 202.163.121.60 192.168.0.4 netmask 255.255.255.255 0 0
static (inside,outside) 202.163.121.61 192.168.0.232 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.242 192.168.0.242 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.241 192.168.0.241 netmask 255.255.255.255 0 0
access-group yyyyy in interface outside
access-group internet in interface inside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 Router Interface Public IP 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside xxxx tftp-root
floodguard enable
telnet (Public IP) 255.255.255.248 outside
telnet 192.168.0.0 255.255.255.0 inside
telnet (Router Interface IP) 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
pixfirewall#

My question is:
I want to allow Internet access for this IP, 192.168.0.231.
How can I do so?
I have done this:
no access-list yyyyy permit ip any host 192.168.0.231
and
no static (inside,outside) 192.168.0.231 192.168.0.231 netmask 255.255.255.255 0 0
Internet is on, but outside users cannot access 192.168.0.231, because it is our server address. A host unreachable message is shown on their side.
Please help me.


----------
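Added example, not part of the original post: a small Python audit of the `static`, `access-list` and `global` lines quoted above. It shows why a host with an identity static leaves the PIX with its private address, and why it falls through to the PAT address once that static is removed. The function names are hypothetical, the sample is a subset of the posted lines, and it assumes nothing upstream translates the address again.

```python
import ipaddress
import re

# Subset of the configuration lines posted above, copied unchanged.
CONFIG = """\
access-list yyyyy permit ip any host 192.168.0.231
access-list yyyyy permit ip any host 202.163.121.60
access-list yyyyy permit ip any host 202.163.121.61
global (outside) 1 (PublicIP)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.0.231 192.168.0.231 netmask 255.255.255.255 0 0
static (inside,outside) 202.163.121.60 192.168.0.4 netmask 255.255.255.255 0 0
static (inside,outside) 202.163.121.61 192.168.0.232 netmask 255.255.255.255 0 0
access-group yyyyy in interface outside
"""

STATIC = re.compile(r"^static \(inside,outside\) (\S+) (\S+) netmask", re.M)
PERMIT = re.compile(r"^access-list (\S+) permit ip any host (\S+)", re.M)
GROUP = re.compile(r"^access-group (\S+) in interface outside", re.M)
PAT = re.compile(r"^global \(outside\) 1 (\S+)", re.M)
NAT_ALL = re.compile(r"^nat \(inside\) 1 0\.0\.0\.0 0\.0\.0\.0", re.M)


def audit_statics(config):
    """Map each inside host with a static to how it appears on the outside."""
    bound = set(GROUP.findall(config))  # ACLs applied inbound on outside
    permitted = {ip for acl, ip in PERMIT.findall(config) if acl in bound}
    report = {}
    for mapped, real in STATIC.findall(config):  # PIX order: mapped, then real
        report[real] = {
            "mapped": mapped,
            "identity": mapped == real,
            "internet_routable": not ipaddress.ip_address(mapped).is_private,
            "inbound_permitted": mapped in permitted,
        }
    return report


def outbound_source(host, config):
    """Source address the host's traffic carries after leaving the PIX.

    Simplification: the `nat 0` exemption in the posted config is ignored.
    """
    entry = audit_statics(config).get(host)
    if entry:  # a static translation wins over dynamic nat/global
        return entry["mapped"]
    pat = PAT.search(config)
    return pat.group(1) if pat and NAT_ALL.search(config) else None
```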

