Question : Pix 515 ping inside to outside

I've purchased a pix 515 from eBay and I'm learning to set it up. I can ping from the outside interface to the internet, but I cannot ping from the inside interface to the outside interface.

Setup :
ISP -> dhcp -> Router (inside: 1.1.1.1) -> (outside: 1.1.1.2) Pix -> (inside: 192.168.1.1)

I bound the access-list and access-group to let the ping return. I also turned on debug/logging to see what is going on. I'm not getting any messages from either. I've NATed any host on the inside/dmz and created a global PAT to 1.1.1.1. I'm confused at this point because "show route" says 1.1.1.0 is connected directly outside even though "show ip" says the outside interface is 1.1.1.2.

C    1.1.1.0 255.255.255.0 is directly connected, outside
C    172.16.16.0 255.255.255.0 is directly connected, dmz
S*   0.0.0.0 0.0.0.0 [1/0] via 1.1.1.1, outside

Iris# show ip
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Ethernet0                outside                1.1.1.2         255.255.255.0   manual
Ethernet1                inside                 192.168.1.1     255.255.255.0   manual
Ethernet2                dmz                    172.16.16.1     255.255.255.0   manual


Can someone help me with this configuration to access the internet from the inside interface?

Code Snippet:
Iris# show run
: Saved
:
PIX Version 7.2(1)
!
hostname Iris
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 1.1.1.2 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
 nameif dmz
 security-level 30
 ip address 172.16.16.1 255.255.255.0
!
ftp mode passive
access-list acl_out extended permit icmp any any
pager lines 24
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
no failover
no asdm history enable
arp timeout 14400
global (outside) 1 1.1.1.1 netmask 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context

Answer : Pix 515 ping inside to outside

Okay, make sure your clients have proper DNS server settings.  You can add your ISP's DNS servers to the DHCP server running on the ASA:

dhcpd dns x.x.x.x y.y.y.y    <---where x.x.x.x and y.y.y.y are your ISP's DNS servers

Don't worry about the DNS rewrite, it is something different.  If you can ping but not browse, most likely your clients are missing DNS settings.
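
An added example, not part of the original answer: a small Python check that reads saved `show run` text and lists the interfaces where the PIX DHCP server is enabled but hands out no DNS servers, which is the condition the answer describes. The function names and the config excerpt are constructed here (the excerpt reuses the `dhcpd` lines from the question), and the 192.0.2.x addresses in the usage note are documentation placeholders.

```python
import ipaddress

# Constructed sample: the DHCP-related lines from the running config in the question.
SAMPLE_CONFIG = """\
interface Ethernet1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
"""

def _is_ipv4(text):
    """True only for a real dotted-quad, so a pasted 'x.x.x.x' does not count."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def dhcp_scopes_without_dns(config):
    """Return interfaces with an enabled dhcpd pool but no DNS server offered."""
    pools, enabled, per_if_dns = set(), set(), set()
    dns_for_all = False
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "dhcpd":
            continue
        if words[1] == "address":
            pools.add(words[-1])          # pool is bound to the last word
        elif words[1] == "enable":
            enabled.add(words[2])
        elif words[1] == "auto_config":
            dns_for_all = True            # DNS is inherited from the DHCP client side
        elif words[1] == "dns":
            args, iface = words[2:], None
            if "interface" in args[:-1]:  # optional per-interface form
                i = args.index("interface")
                iface, args = args[i + 1], args[:i]
            if any(_is_ipv4(a) for a in args):
                if iface:
                    per_if_dns.add(iface)
                else:
                    dns_for_all = True
    if dns_for_all:
        return []
    return sorted((pools & enabled) - per_if_dns)

if __name__ == "__main__":
    for name in dhcp_scopes_without_dns(SAMPLE_CONFIG):
        print(f"dhcpd is enabled on '{name}' but no 'dhcpd dns' line covers it")
```

Run against the question's config it reports `inside`; once a line such as `dhcpd dns 192.0.2.53 192.0.2.54` is present, the result is empty.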