Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
0
Helpful
1
Replies

pix 501 setup issues

jppatton1
Level 1
Level 1

‎12-29-2006 10:29 AM - edited ‎03-11-2019 02:14 AM

I have a new 501 running 6.3(5) with a 10 user license. I have a network of 25 computers running local applications, we only need internet access through the firewall for 8 of the workstations. The setup is internet-DSL modem-PIX-switch. I have it up and connected, but I have issues: 1. Hosts that are not going to the internet are hitting the PIX and apparently taking up license slots -- if these hosts have their default gateway removed or altered, will this fix the problem? 2. One host simply can't access webpages although I can ping from it to the 'net. This machine works fine with my old firewall, I can't come up with theories why this is happening (the show local-host says I have available spots..) 3. The show local-host print out says I only have 8 maximum active connections, shouldn't that say 10? TIA

Labels:
0 Helpful
1 Reply 1

jmayes
Level 1
Level 1

‎01-01-2007 08:48 PM

One way to limit the hosts that can access the Internet is to statically assign addresses to the permitted hosts in a permitted NAT range, and set up DHCP for everyone else outside of the permitted NAT range.

I've also had issues with Internet access to some sites due to the default behavior of the DNS check. It kills all DNS packets longer than 512 bytes (and some DNS clients use larger request packets).

Try resetting the DNS inspect maximum-length to 1500 bytes. It worked for me...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card