
Pix 501 no broadband connectivity

williamwulfken
Level 1

Hey,

Just got a PIX 501 to put in at the office. The problem is I went through the auto setup wizard and looked through the settings, been online, all of that, and I can't seem to get it to see DHCP connection outbound. Is there a setting I'm missing? When I hit for it to refresh IP it tells me it can't, and frankly I'm lost. I do have an N+ so I do have some knowledge of setup, but I seem to be having trouble finding info on this. Can anyone help or point me in the right direction as to how to get connectivity online?

Thank you for your time


laje
Level 1

Advise you upload your config as it will be easier to point out where the problem lies that way. However, what is needed on the outside interface to make a DHCP client is:

ip address outside dhcp [setroute]

Cheers

Connect your serial cable to your PIX console port. Open your preferred terminal emulation, e.g. Windows HyperTerminal, and set VT100 9600/N/1.

Erase your config or change the settings with the settings below.

Erase config:

en

wr erase

wr mem

Normal Setup for cable modem:

-----------------------------

ip address outside dhcp setroute

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.0 0 0

dhcpd address 192.168.1.100-192.168.1.105 inside

dhcpd dns dns1-IP dns2-IP

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain domain.com

dhcpd auto_config outside

dhcpd enable inside

Example for PPPoE:

-----------------------

ip address outside pppoe setroute

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

vpdn group pppoex request dialout pppoe

vpdn group pppoex localname YOURUSERNAME

vpdn group pppoex ppp authentication pap

vpdn username YOURUSERNAME password YOURPASSWORD

dhcpd address 192.168.1.10-192.168.1.30 inside

dhcpd dns DNS1 DNS2

dhcpd lease 300

dhcpd ping_timeout 750

dhcpd domain domain.com

dhcpd auto_config outside

dhcpd enable inside

Save your config

See this config guide:

Establishing Connectivity

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html

sincerely

Patrick

Following these directions, I can't seem to get any connectivity on my outside interface connected to my cable modem. My inside interface is fine, and it can assign IP addresses to the connected computers, but the outside one fails to get an IP address via DHCP from the Cable Modem. I get this when I reload:

....................

DHCP command failed

I'm not sure why this happens. A friend threw out a comment about maybe the DHCP reply is being denied by the PIX since the external interface has security0 set. Could that be the problem?

I have a Linksys in place before my Cisco just to give the Cisco an IP to the outside. I found that the cable modem I have would not give the Cisco an IP so I went around it, unless there is a way to fix this problem, I don't know???

I just spoke with one of my coworkers who is pretty familiar with Cisco and he said I need to add an access-list on my outside interface to allow 'domain' traffic in. The outside interface is set to security0 so he believes it was automatically denying everything. I'll have to try this later when I get home from work and verify.

williamwulfken
Level 1

Thanks, guys.

Sometimes you just need to be pointed in the right direction. Lots of reading to do. Thanks again.

williamwulfken
Level 1

Hello,

Even with the direction I still seem to have a problem. I can get the PIX to obtain an IP but it still won't let me out to the net. Any ideas?

Thanks

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxx

passwd xxxx

hostname burnhsmpix

domain-name burnhmamsrv1local.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 192.168.2.1

ip audit info action alarm

ip audit attack action alarm

pdm location 192.168.3.100 255.255.255.255 inside

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.0 0 0

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.3.100 255.255.255.255 inside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain domain.com

dhcpd auto_config outside

terminal width 80

Cryptochecksum:xxxx

burnhsmpix(config)#

Yes, it seems that you have multiple networks in your inside network!!! It seems that your subnet mask does not correspond with your client hosts' subnet masks?

192.168.3.x /24

192.168.1.x /24

192.168.2.x /24

What is the subnet mask?

What is their default gateway?

You may change the subnet mask on the inside to a 16 bit one and try again.

ip address inside 192.168.2.1 255.255.0.0

Remove that nat statement:

no nat (inside) 1 192.168.1.0 255.255.255.0 0 0

Do a "clear xlate" after you have changed those config lines!!

Final config lines:

ip address outside dhcp setroute

ip address inside 192.168.2.1

global (outside) 1 interface

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

sincerely

Patrick
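
An added example (not code from the thread or from Cisco): a small Python check for the mismatch pointed out in the reply above, listing every inside-facing `nat`, `pdm location` and `http` entry whose network falls outside the inside interface's subnet. The sample lines are copied from the config posted earlier; the function names and the `default_mask` applied when `ip address inside` carries no mask are assumptions.

```python
import ipaddress
import re

# Constructed sample: inside-facing lines copied from the config posted above.
SAMPLE = """\
ip address outside dhcp setroute
ip address inside 192.168.2.1
pdm location 192.168.3.100 255.255.255.255 inside
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
http 192.168.3.100 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 inside
"""

# Commands naming a host or network behind inside; groups are (address, mask).
REFS = [
    ("nat", re.compile(r"^nat \(inside\) \d+ (\S+) (\S+)")),
    ("pdm location", re.compile(r"^pdm location (\S+) (\S+) inside")),
    ("http", re.compile(r"^http (\d\S*) (\S+) inside")),
]

def inside_network(config, default_mask="255.255.255.0"):
    """Subnet of the inside interface; default_mask is an assumption that is
    applied only when the 'ip address inside' line carries no mask."""
    m = re.search(r"^ip address inside (\S+)(?:[ \t]+(\S+))?", config, re.M)
    if m is None:
        raise ValueError("no 'ip address inside' line found")
    mask = m.group(2) or default_mask
    return ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False)

def mismatches(config, default_mask="255.255.255.0"):
    """List (command, network) pairs that lie outside the inside subnet."""
    inside = inside_network(config, default_mask)
    found = []
    for line in config.splitlines():
        for label, pattern in REFS:
            m = pattern.match(line.strip())
            if m is None:
                continue
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            # 0.0.0.0 0.0.0.0 matches every source, so it cannot mismatch.
            if net.prefixlen and not net.overlaps(inside):
                found.append((label, str(net)))
    return found

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, mismatches(SAMPLE, mask))
```

With a 255.255.255.0 inside mask the check reports the 192.168.1.x and 192.168.3.x entries; with the 255.255.0.0 mask suggested above, the list is empty.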

williamwulfken
Level 1

Hello,

Thanks for all of the help. I do now have a connection; you may mark as solved.

Thanks again

William

William,

You have to mark that as solved !!

It is your post not mine.

;-)
