
Configuration help for PIX 501

mossad
Level 1

Hi,

I have just acquired a PIX 501 with 10 user licences and I do not have any knowledge of firewall configuration.

My existing network consists of an Aztech router cum ADSL modem and a Cisco 2900 switch. I am using a dynamic IP address from my ISP for my Aztech router cum ADSL modem. I tried to connect the outside interface to the router and the 1 port on the inside interface to the 2900 switch.

All my PCs that are connected to the 2900 switch are not able to access the internet.

There must be configurations to be done on the PIX firewall.

As a newbie, I really need some useful advice on configuring the PIX. I had actually tried reading the online Cisco documents but do not seem to understand them. Please kindly help me in getting this solved.

Cheers.

5 Replies

fragomez
Level 1

Mossad,

It is hard to know where you are standing right now... but I assume the ADSL modem will give an IP address to your PIX via DHCP, is that right? If that is the case please do the following:

1) Enter the command line of the PIX via console:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_installation_guide_chapter09186a008007d37d.html#1045128

2) Enter the enable mode by entering the following command:

"enable"

_________

(i.e. this is what you’ll see on the console)

pixfirewall>enable

password:

_________

While being asked for the password just type "cisco"

You should now be in "enable mode"

pixfirewall#

Now go to the "configuration mode" by typing the following:

"config t"

_________

(i.e. this is what you need to see on the console)

pixfirewall(config)#

_________

Now that you are here, you need to configure the PIX so it can obtain an IP for its port 0 (outside) from the ADSL modem and then, we need to allow traffic from inside to outside using NAT (Network Address Translation)

Type the following commands:

interface eth0 auto

interface eth1 auto

ip address outside dhcp setroute

nat (inside) 1 0 0

global (outside) 1 interface

If your internal network is going to be 192.168.1.0 255.255.255.0 make sure your PIX is 192.168.1.254 255.255.255.0 by typing the following command:

ip address inside 192.168.1.254 255.255.255.0

Finally, make sure the default gateway of your inside LAN is 192.168.1.254 and this should do the trick. For more detail please follow the following link:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml

If the above makes no difference, where you need to focus is on the link between the PIX and the Internet; make sure the PIX knows how to get an IP address from your ISP.

Let me know how it goes, more than glad to help you again...

Frank

Hi Frank,

I have followed your instructions in configuring the PIX501 firewall.

However, I encountered a problem at the command:

ip address outside dhcp setroute

The moment I enter this command, there is an error message that keeps appearing and it says:

Can't set DHCP ip/mask, subnet is the same as interface 1

Allocated IP address = 192.168.1.10,

netmask = 255.255.255.0, gateway = 192.168.1.1

I have therefore entered all the commands that were given by you and also attached a "show run" of my PIX501 to give you a better idea.

What could be wrong? Please help me to resolve this.

Thanks.

Mossad,

Thanks for replying back, now things are clearer... What is happening here is that the PIX is indeed getting an IP address from your ISP, the problem is that there is a hard coded IP on the inside of the firewall and this IP is under the same IP scheme as the outside of the PIX (ADSL side).

The PIX cannot have two interfaces with the same IP address or under the same subnet, so please go ahead and change the inside IP scope of the PIX to something like 172.16.X.X or 10.X.X.X, whatever you want... make sure the PCs on the inside are moved to this new addressing and repeat the command:

ip address outside dhcp setroute

Then everything should work, make sure you change the DHCP scope you have configured on the PIX as well, change it to something within the PIX inside interface IP range.

In other words, if you want your inside network to be 172.16.1.X 255.255.255.0 do this please:

clear dhcpd

dhcpd address 172.16.1.1-172.16.1.253 inside

dhcpd dns

dhcpd auto_config

dhcpd enable

then type this:

ip address inside 172.16.1.254 255.255.0.0

Hope that clears things up, if not let me know and I would be more than glad to help you.

Frank
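
An added example, not part of the thread and not Cisco code: a Python check for the two addressing conditions described in the reply above, namely that no other interface shares a subnet with the outside DHCP lease and that the dhcpd pool lies within the inside subnet. The sample configurations are constructed from values quoted in the posts; the old pool range 192.168.1.2-192.168.1.33 and the names BEFORE, STALE_POOL and AFTER are assumptions.

```python
import ipaddress
import re

# Constructed samples built from values quoted in the thread. The
# 192.168.1.2-192.168.1.33 pool is an assumption (the old pool is not shown).
LEASE = ("192.168.1.10", "255.255.255.0")  # outside lease from the error message
BEFORE = """ip address inside 192.168.1.254 255.255.255.0
dhcpd address 192.168.1.2-192.168.1.33 inside"""
STALE_POOL = """ip address inside 172.16.1.254 255.255.0.0
dhcpd address 192.168.1.2-192.168.1.33 inside"""
AFTER = """ip address inside 172.16.1.254 255.255.0.0
dhcpd address 172.16.1.1-172.16.1.253 inside"""

IP_RE = re.compile(r"\s*ip address (\S+) ([\d.]+) ([\d.]+)\s*$")
POOL_RE = re.compile(r"\s*dhcpd address ([\d.]+)-([\d.]+) (\S+)\s*$")


def parse(config):
    """Return ({ifname: IPv4Interface}, {ifname: (first, last)}) from PIX-style lines."""
    ifaces, pools = {}, {}
    for line in config.splitlines():
        if m := IP_RE.match(line):
            ifaces[m[1]] = ipaddress.ip_interface(f"{m[2]}/{m[3]}")
        elif m := POOL_RE.match(line):
            pools[m[3]] = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
    return ifaces, pools


def check(config, lease):
    """List addressing problems for a config given the DHCP lease offered outside."""
    ifaces, pools = parse(config)
    outside = ipaddress.ip_interface(f"{lease[0]}/{lease[1]}").network
    problems = []
    for name, iface in ifaces.items():
        if name != "outside" and iface.network.overlaps(outside):
            problems.append(f"{name} {iface.network} overlaps outside lease {outside}")
    for name, (first, last) in pools.items():
        net = ifaces[name].network if name in ifaces else None
        if net is None or first not in net or last not in net:
            problems.append(f"dhcpd pool {first}-{last} is not within {name} subnet {net}")
    return problems


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("stale pool", STALE_POOL), ("after", AFTER)):
        print(f"{label}: {check(cfg, LEASE) or 'no conflicts'}")
```
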

Hi Frank,

There seems to be another problem popping up this time. After I have done the commands that you have given, there is an error message again.

It says:

Allocated IP address = 192.168.1.10, netmask = 255.255.255.0, gateway = 192.168..1.1

DHCP failed to add default route entry

Please view through the "show run" config file and tell me what remedies i need.

Thanks a lot.

Cheers.

Mossad.

Hi,

Please do

clear route

ip address outside dhcp setroute

Let me know

Frank
