Basic PIX 515E Setup for Internet Access via ADSL Router

davegcarter
Level 1

Could anyone please help a complete beginner to Cisco PIX Firewalling? To begin with, I need to provide all users on a private LAN with access to the internet via a Speedtouch 500 DSL Router connected to our ISP.

IP information is as follows (x, y, z being used for security purposes):

LAN IP Range - 192.9.200.1 - 192.9.200.254/255.255.255.0

IP Address of DSL Router - 8x.6y.9z.190/255.255.255.248

Outside Address of PIX - 8x.6y.9z.189/255.255.255.248

Inside Address of PIX - 192.9.200.200

Available public addresses - 8x.6y.9z.185 - 188

I have gone through the basic setup wizard, looked at online documentation and even followed the step-by-step guide in the Cisco self study manual I've bought but am unable to get any internal hosts to be able to access the outside world. I think I'm missing something very basic here (maybe something to do with routes) so, rather than spend any more time scratching my head - over to you experts!

The job is currently being done by a Sonicwall Pro 100.

5 Replies

jmia
Level 7

David,

Here you go. I used the IP addresses you supplied and also included access for PDM and telnet from your internal LAN.

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
passwd
hostname
domain-name
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 8x.6y.9z.189 255.255.255.248
ip address inside 192.9.200.x 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 8x.6y.9z.190 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.9.200.x 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 5
console timeout 0
terminal width 80

Thanks a lot for your quick response. When I get a chance, I'll hook the firewall into the LAN and see if it works (got to be at the weekend now). I'll let you know whatever. Thanks again.

Don't forget you will need a route 'inside', however; otherwise any traffic destined for devices not on the same network as the inside interface of the firewall simply won't connect. Also, if you decide to use VPN you are going to need to change your IP addresses, as you are currently using registered public IPs inside your network (192.9.x.x is NOT private IP; 192.168.9.x would be). The reason you will have to change is that when your users get a DHCP address for your inside network, they won't come up the IPSEC tunnel, as their default routing will take them out to the Internet.

I have compared jmia's config to the one I have, which was almost identical apart from the route outside command, which I guessed would be the cause of my trouble. However, when I entered this, it still wouldn't work. I added an 'inside' command, but I'm not sure this was correct and am still not having any luck. Both interfaces are pinging OK, so I still think it's a routing problem. What would be the correct command for the inside route? I will be configuring the firewall for VPN, so I appreciate your comments on my 'non-private' address scheme that I inherited from the last manager - a bit more work for me there. However, I'd just like to get the thing in and working as a basic firewall at the moment!
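To make the two routing points raised above concrete (the default route out to the DSL router, and the need for a 'route inside' for any LAN segment not directly on the inside interface), here is an added Python checker that is not part of this thread or of the PIX itself. It parses the `ip address` and `route` lines of a PIX 6.3 style config, answers "which interface and gateway would this destination use?" by longest-prefix match, and flags the findings a reviewer would raise: a gateway that is not on its interface's subnet, a missing default route, and the non-RFC 1918 inside range. The sample config below is constructed: the 8x.6y.9z placeholders are replaced with the documentation range 203.0.113.0/24, and a second LAN segment 192.9.201.0/24 behind an internal router at 192.9.200.1 is assumed for illustration.

```python
import ipaddress

# Constructed sample in the style of the config posted above (placeholders replaced
# with documentation addresses; the 192.9.201.0/24 segment and its router are assumed).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.189 255.255.255.248
ip address inside 192.9.200.200 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.190 1
route inside 192.9.201.0 255.255.255.0 192.9.200.1 1
"""

def parse_pix(config):
    """Return ({ifname: IPv4Interface}, [(ifname, IPv4Network, gateway), ...])."""
    ifaces, routes = {}, []
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["ip", "address"]:
            ifaces[parts[2]] = ipaddress.IPv4Interface(f"{parts[3]}/{parts[4]}")
        elif parts[:1] == ["route"]:
            net = ipaddress.IPv4Network(f"{parts[2]}/{parts[3]}")
            routes.append((parts[1], net, ipaddress.IPv4Address(parts[4])))
    return ifaces, routes

def lookup(dst, ifaces, routes):
    """Longest-prefix match: connected networks and static routes compete on prefix length."""
    dst = ipaddress.IPv4Address(dst)
    cands = [(i.network.prefixlen, n, None) for n, i in ifaces.items() if dst in i.network]
    cands += [(net.prefixlen, n, gw) for n, net, gw in routes if dst in net]
    if not cands:
        return None  # no route at all: the PIX would drop the packet
    _, name, gw = max(cands, key=lambda c: c[0])  # ties keep the first (connected) entry
    return (name, "connected" if gw is None else str(gw))

def check(config):
    """Return the routing/addressing findings a reviewer would raise on this config."""
    ifaces, routes = parse_pix(config)
    findings = []
    for name, net, gw in routes:
        if gw not in ifaces[name].network:  # next hop must be reachable on that interface
            findings.append(f"route {name}: gateway {gw} is not on {ifaces[name].network}")
    if not any(net.prefixlen == 0 for _, net, _ in routes):
        findings.append("no default route: inside hosts cannot reach the Internet")
    if not ifaces["inside"].ip.is_private:
        findings.append(f"inside address {ifaces['inside'].ip} is public, not RFC 1918 space")
    return findings
```

Without the `route inside 192.9.201.0 ...` line, `lookup("192.9.201.7", ...)` falls through to the default route and the reply is sent out the outside interface, which is exactly the symptom described above.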

Hi All,

I have worked on Cisco routers and switches but never on a PIX firewall. I recently purchased a PIX 501 for my home and am looking for the configuration. I would appreciate it if somebody could share the configuration, or a link from which I can make my small home network secure. Thanks!

Regards,

Sam
