07-21-2005 04:14 AM - edited 02-21-2020 12:17 AM
I am new to networking and was given a job to set up the PIX 501 firewall.
The circumstance is:
We are using IP table rules as a firewall on a Linux machine. My PC is connected to a switch. So I use the yellow network cable to connect the PIX 501 port 0 to one of the ports in the switch. Then I disconnect my PC's cable from the switch and plug it into the PIX 501 port 1.
My PC was using a static IP address before. I tried to change it to automatically pick up an IP address, but it wouldn't work. So I changed the setting and used the original IP address. The network connection icon popped up a message saying the local connection is enabled. But when I try to ping 192.168.1.1, the request times out. Also, I can't access https://192.168.1.1/startup.html.
I had a look at Cisco's online documentation and troubleshooting guides, but most of them are about configuration or more advanced features. I am still at the very basic level of trying to connect to the firewall.
I hope someone can help me. Any ideas and questions are welcome. Thank you.
07-21-2005 04:24 AM
Make sure the IP address of your PC is 192.168.1.x, where x is any number except 1. You should then be able to get to the PIX Device Manager using https://192.168.1.1.
Remove yourself and your PIX from the network until you have your connection.
HTH
Gary
07-21-2005 05:42 AM
Thank you for your quick reply.
The IP of my machine is set to 192.168.1.11. This IP was used before, when my PC was connected to the Linux firewall machine (its IP is 192.168.1.1 as well). So I disconnect my machine from the switch, plug it into port 1, and connect port 0 to the switch. The network connection icon in my task bar shows that the connection is fine. But I just can't ping 192.168.1.1 or access the startup.html.
Because 192.168.1.1 is being used by the Linux firewall machine, after I connect the PIX firewall to the switch, the PIX firewall by default uses the same IP as the Linux firewall machine. Will this cause any conflict?
Also, my PC's DNS setting is the old one that my PC was using when connected to the Linux firewall: 158.152.1.43 and .58.
Is that correct?
Cheers
07-21-2005 07:29 AM
Your IP address should be fine. You do not want to have the PIX connected to your LAN while you have the Linux firewall on as well, as this will cause a conflict. Keep the PIX off the LAN for the moment. Your DNS setting will not have any effect, as the URL you are trying to reach is based on the IP address and not the domain name, so your PC has nothing to look up.
You need to check the cable you are using - if your PIX only has one 'inside' interface then you need to use a crossover cable. If it has four then this is a built-in switch, so a straight-through cable will be fine. What model of PIX is it?
After checking the cable - see if you can console into the firewall - use the blue cable that came with the PIX and set up a terminal (HyperTerminal) connection using 9600, 8, none, 1. If you can console in then you can paste in a basic config to get you going.
07-21-2005 09:15 AM
The model is PIX 510.
I disconnected the firewall from the switch and only connected my PC to port 1 on the firewall. The connection icon in the task bar shows the connection is fine, but I can't ping 192.168.1.1 and also can't view the startup.html. From the HyperTerminal on my PC, if I ping 192.168.1.11 (my PC's IP), it says no route to the host.
If I change to the crossover cable, the connection icon in the task bar has a warning saying no connectivity.
Another thing I tried is:
I used HyperTerminal to connect to the firewall. If I don't connect port 0 to the switch, then when I try to ping my PC, I get a 'no route to host' message. If I connect the firewall to the switch, in the terminal I get the message that an IP of 192.168.1.89 is allocated, and if I ping my PC (the PC is connected to the switch, not the firewall, at this point), I get a request timed out message.
If I ping 192.168.1.1, which is the Linux firewall machine, then I get a reply. If I ping 192.168.1.89 from my PC, my PC gets a reply and the firewall terminal also shows a reply message. But I can't view https://192.168.1.89/startup.html. If I connect another PC to port 1 and ping that PC in the terminal, no response is received. If I ping 192.168.1.89 from that PC, the firewall terminal doesn't show any message, which means that PC can't reach the firewall at all...
any ideas?
Thank you
What
07-22-2005 01:08 AM
Found the problem... I didn't unplug the power of the firewall after I disconnected the firewall from the switch and just let it connect to my PC. After I unplugged the power, I can access the startup.html now.
My friend told me it's common knowledge with networking stuff that I need to unplug things at the right time.
Thank you very much.