11-09-2004 01:03 PM - edited 02-20-2020 11:44 PM
Hey,
Just got a PIX 501 to put in at the office. The problem is I went through the auto setup wizard and looked through the settings, been online all of that, and I can't seem to get it to see DHCP connection outbound. Is there a setting I'm missing? When I hit for it to refresh IP it tells me it can't, and frankly I'm lost. I do have an N+ so I do have some knowledge of setup, but I seem to be having trouble finding info on this. Can anyone help or point me in the right direction as to how to get connectivity online?
Thank you for your time
11-09-2004 03:04 PM
Advise you upload your config as it will be easier to point out where the problem lies that way. However, what is needed on the outside interface to make a dhcp client is
ip address outside dhcp [setroute]
Cheers
11-09-2004 07:10 PM
Connect your serial cable to your PIX console port. Open your preferred terminal emulation, e.g. Windows HyperTerminal, and set VT100 9600/N/1.
Erase your config or change the settings with the settings below.
Erase config:
en
wr erase
wr mem
Normal Setup for cable modem:
-----------------------------
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
dhcpd address 192.168.1.100-192.168.1.105 inside
dhcpd dns dns1-IP dns2-IP
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain domain.com
dhcpd auto_config outside
dhcpd enable inside
Example for PPPoE it is:
-----------------------
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname YOURUSERNAME
vpdn group pppoex ppp authentication pap
vpdn username YOURUSERNAME password YOURPASSWORD
dhcpd address 192.168.1.10-192.168.1.30 inside
dhcpd dns DNS1 DNS2
dhcpd lease 300
dhcpd ping_timeout 750
dhcpd domain domain.com
dhcpd auto_config outside
dhcpd enable inside
Save your config
See this config guide:
Establishing Connectivity
sincerely
Patrick
12-31-2004 06:33 AM
Following these directions, I can't seem to get any connectivity on my outside interface connected to my cable modem. My inside interface is fine, and it can assign IP addresses to the connected computers, but the outside one fails to get an IP address via DHCP from the Cable Modem. I get this when I reload:
....................
DHCP command failed
I'm not sure why this happens. A friend threw out a comment about maybe the DHCP reply is being denied by the PIX since the external interface has security0 set. Could that be the problem?
12-31-2004 08:23 AM
I have a Linksys in place before my Cisco just to give the Cisco an IP to the outside. I found that the cable modem I have would not give the Cisco an IP, so I went around it, unless there is a way to fix this problem. I don't know?
12-31-2004 08:45 AM
I just spoke with one of my coworkers who is pretty familiar with Cisco and he said I need to add an access-list on my outside interface to allow 'domain' traffic in. The outside interface is set to security0 so he believes it was automatically denying everything. I'll have to try this later when I get home from work and verify.
11-10-2004 04:13 PM
Thanx Guys
Sometimes you just need to be pointed in the right direction. Lots of reading to do. Thanx again
11-15-2004 08:00 AM
Hello,
Even with the direction I still seem to have a problem. I can get the PIX to obtain an IP but it still won't let me out to the net. Any ideas?
Thanx
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxxx
hostname burnhsmpix
domain-name burnhmamsrv1local.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.2.1
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.3.100 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.3.100 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain domain.com
dhcpd auto_config outside
terminal width 80
Cryptochecksum:xxxx
burnhsmpix(config)#
11-15-2004 08:23 AM
Yes, it seems that you have multiple networks in your inside network!!! Seems that your subnet mask does not correspond with your client host subnet masks?
192.168.3.x /24
192.168.1.x /24
192.168.2.x /24
What is the subnet mask ?
What is their default gateway ?
You may change the subnet mask on the inside to a 16-bit one and try again.
ip address inside 192.168.2.1 255.255.0.0
remove that nat statement:
no nat (inside) 1 192.168.1.0 255.255.255.0 0 0
Do a "clear xlate" after you have changed those config lines!!
Final config lines:
ip address outside dhcp setroute
ip address inside 192.168.2.1
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
sincerely
Patrick
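The mismatch pointed out in the reply above (inside interface on 192.168.2.x, nat statement for 192.168.1.x, management entries for 192.168.3.x) can be checked mechanically before a config is loaded. The following is an added example, not code from any poster in this thread or from Cisco; the function names and finding codes are hypothetical, and it assumes an omitted interface mask falls back to the classful default.

```python
import ipaddress

# Constructed sample: address, NAT and management lines taken from the
# configuration posted earlier in this thread.
SAMPLE_CONFIG = """\
ip address outside dhcp setroute
ip address inside 192.168.2.1
pdm location 192.168.3.100 255.255.255.255 inside
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
http 192.168.3.100 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
"""

def classful_mask(addr):
    # Assumption: an omitted mask falls back to the classful default.
    first = int(addr.split(".")[0])
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"

def audit(config, ifname="inside"):
    """Return (interface network, [(code, detail), ...]) for one interface."""
    net, nats, globals_, refs = None, [], set(), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", ifname] and len(tok) >= 4:
            mask = tok[4] if len(tok) > 4 else classful_mask(tok[3])
            net = ipaddress.ip_interface(f"{tok[3]}/{mask}").network
        elif tok[:2] == ["nat", f"({ifname})"] and len(tok) >= 5:
            nats.append((int(tok[2]), ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)))
        elif tok[:1] == ["global"] and len(tok) >= 3:
            globals_.add(int(tok[2]))
        elif len(tok) >= 4 and tok[0] in ("http", "pdm") and tok[-1] == ifname:
            refs.append(ipaddress.ip_network(f"{tok[-3]}/{tok[-2]}", strict=False))
    if net is None:
        return None, [("NO_ADDRESS", f"no static ip address on {ifname}")]
    found = []
    if not any(i and i in globals_ and net.overlaps(n) for i, n in nats):
        found.append(("NO_PAT", f"no nat id > 0 with a matching global matches {net}"))
    if any(i == 0 and net.overlaps(n) for i, n in nats):
        found.append(("IDENTITY_NAT", f"nat 0 matches {net}: hosts leave untranslated"))
    for i, n in nats:
        if i and not net.overlaps(n):
            found.append(("NAT_OFF_SUBNET", f"nat {i} {n} does not match {net}"))
    for n in refs:
        if not n.subnet_of(net):
            found.append(("MGMT_OFF_SUBNET", f"{n} is outside {net}"))
    return net, found
```

Calling `audit(SAMPLE_CONFIG)` returns the inside network together with one finding per mismatch; with the 16-bit inside mask suggested above, only the `IDENTITY_NAT` finding remains.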
11-15-2004 09:58 AM
Hello,
Thanks for all of the help. I do now have a connection. You may mark as solved.
Thanx again
William
11-15-2004 10:04 AM
William,
You have to mark that as solved !!
It is your post not mine.
;-)