05-20-2006 12:45 PM - edited 02-21-2020 12:54 AM
I cannot configure a PIX 501 as a firewall; I need to know if it comes with a default configuration. I connect the PIX to the LAN and it starts to DHCP every machine on the network with no problem, but none of the users can access the internet.
I need to know what I should do to get access to the internet and security protection for the network.
Where can I get information to configure the PIX if I really need to configure it?
05-20-2006 12:58 PM
Hi ... basically you need the following basic steps to get your internal users access to the internet
If you are using PIX 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside_access_in permit ip any any
access-group inside_access_in in interface inside
nat (inside) 1 access-list inside_access_in
global (outside) 1 interface
NOTE: with the above piece of config your internal users will have FULL access to the internet. If you want to restrict access to only http, https, ftp, dns, etc., then you need to modify the access-list to something like this:
access-list inside_access_in permit tcp any any eq www
access-list inside_access_in permit tcp any any eq 443
access-list inside_access_in permit tcp any any eq ftp
access-list inside_access_in permit tcp any any eq 53
access-list inside_access_in permit udp any any eq 53
I hope it helps ... please rate it if it does !!!
05-23-2006 05:40 AM
Should I use this configuration just as it is? Should I apply any changes? What does the underscore mean in the configuration that you sent me?
05-24-2006 01:09 PM
05-25-2006 08:45 PM
Sorry .. I was off-line for a couple of days .. are you still having the problem ..? The config you posted is unreadable ... can you maybe copy and paste it to Word?
05-25-2006 08:51 PM
hey ... wait a minute ... do you have another device in front of the PIX ..? the outside interface of your PIX has a private address ..? Is your PIX connected to an ADSL modem .. or something like that ..?
05-26-2006 05:41 AM
Yes my dear friend, there is a Cisco 3841 router. I solved the problem with the firewall, I just had to configure a default gateway!!!! That was the parameter that was missing. But your advice was very helpful.
Best Regards!!!!
05-27-2006 05:29 PM
great news ...
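An added example, not part of any post in this thread: a small Python check over a PIX 6.3-style configuration for the points the thread turns on, namely a `nat` ID with a matching `global`, a default route (the piece the original poster found missing), and an interface-bound `permit ip any any`. The function name `audit` and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample: the answer's PIX 6.3 config, with no default route
# (the gap the original poster later reported).
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside_access_in permit ip any any
access-group inside_access_in in interface inside
nat (inside) 1 access-list inside_access_in
global (outside) 1 interface
"""

def audit(config):
    """Return a list of findings for a PIX 6.3-style config given as text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # NAT IDs must pair up: nat (inside) 1 ...  <->  global (outside) 1 ...
    nat_ids = {m.group(1) for l in lines
               if (m := re.match(r"nat \(\S+\) (\d+)\b", l))}
    global_ids = {m.group(1) for l in lines
                  if (m := re.match(r"global \(\S+\) (\d+)\b", l))}
    for nid in sorted(nat_ids - global_ids - {"0"}):  # nat 0 = no translation
        findings.append(f"nat id {nid} has no matching global")
    # Default route: a static "route <if> 0.0.0.0 0.0.0.0 <gw>" (or "0 0"),
    # or one learned over DHCP with "ip address <if> dhcp setroute".
    static = r"route \S+ (0\.0\.0\.0 0\.0\.0\.0|0 0) \S+"
    learned = r"ip address \S+ dhcp setroute"
    if not any(re.match(static, l) or re.match(learned, l) for l in lines):
        findings.append("no default route")
    # ACLs applied to an interface that permit every protocol to everywhere
    bound = {m.group(1) for l in lines
             if (m := re.match(r"access-group (\S+) in interface \S+", l))}
    for l in lines:
        m = re.match(r"access-list (\S+) permit ip any any$", l)
        if m and m.group(1) in bound:
            findings.append(f"{m.group(1)}: permit ip any any")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
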