08-06-2007 11:06 AM - edited 03-11-2019 03:54 AM
I'm very new to PIX but can't get something to work. We have a T1 line that connects to the PIX and then we have the PIX connected to the external network on a Small Business Server 2003. I am trying to put in a wireless access point so guests can have internet access outside of our network. I connected it to the PIX and gave it an IP address on the inside network (192.168.1.X) of the PIX and I can't get it to see the internet. Attached is my configuration from the PIX.
Can anyone help me out?
Mike
08-07-2007 07:06 AM
Point taken and i agree. Which part of your previous post would solve this problem?
Mike
08-07-2007 07:48 AM
I do have one more question. Since I am trying to setup a WAP outside of my network for guests, I was thinking it might be best to have the PIX work as a DHCP server to guests laptops so I don't have to configure their IP settings manually. Can this be done and still keep my server static? Here are the commands that I think will make this work and since my server IP address is not in the range of DHCP addresses I'm thinking this will work. What do you think?
dhcpd address 192.168.1.50-192.168.1.75 inside
dhcpd dns 64.65.208.6 64.65.196.6
dhcpd lease 3600
dhcpd enable inside
08-07-2007 08:19 AM
^^Yes, that will work fine.
08-07-2007 09:32 AM
When you say they would only allow you to use 2 IP's what was the other IP address?
checked your config - move the line 'access-group 102 in interface inside' to under the one for 101 and that will work fine
Also why do you want the PIX acting as the DHCP server? Why not have the WAP be the DHCP server?
Cheers,
MM
08-07-2007 09:47 AM
They told me that .19 and .20 are the ones we need to use for our T1 line. Am I ok to use 255.255.255.255 as my mask then?
I'll make the change to the config. Thanks for looking at it.
After my last post I was wondering the same thing. Again this is all new to me so I did some research and was able to setup the WAP as a DHCP server. So that should be good to go.
Thanks for you help.
Mike
08-07-2007 09:59 AM
I think you will find the PIX will give you an error if you try and enter 255.255.255.255 as the subnet mask. I have seen ISP starting to use this method of supplying IP addresses now days - so to get around it put the mask as 255.255.255.254 and then retest connectivity. If not then just leave it as 255.255.255.0 as it probably won't hurt it as the router your connecting to won't be forwarding broadcasts etc anyways
08-08-2007 03:42 AM
I made the changes we talked about and now I am having problems accessing our FTP site. Could this be related or not? Our FTP site is hosted by our ISP. From what I see in the new lines I would think that they would not affect our ability to connect to our FTP site but i thought I would ask the question and see what you thought.
I also lost our connection to the internet. By removing access-list 102 everything is working again. Now that employees are starting to get here for work I can't make any more changes, but do I need to put access-list 102 back in?
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide