Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
775
Views
15
Helpful
6
Replies

PIX 506E

joonp
Level 1
Level 1

‎10-11-2004 07:33 AM - edited ‎02-20-2020 11:40 PM

To Experts

Hi, Here is my configuration(factory default)

PIX Version 6.3(3)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxxxxxxxxxxxx

passwd xxxxxxxxxxxxxxxxx

hostname xxxxxxxxxxx

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225

1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:

Now, I want to use ***.***.***.*** 255.255.255.0 for the outside IP.

What do I need to change? Just outside IP?

Please, help CISCO beginner. Using this machine with T1 is all I want.

0 Helpful
6 Replies 6

nkhawaja
Cisco Employee
Cisco Employee

‎10-11-2004 08:46 AM

Hi,

You just need

ip address outside x.x.x.x 255.255.255.0

Thanks

Nadeem

joonp
Level 1
Level 1
In response to nkhawaja

‎10-11-2004 10:05 AM

Thank you for your answer...

Here is another question I would like to ask

It works great when outside IP is in DHCP, but not in static IP

My network system has been set up like this

DSL Router modem-PIX 506E Firewall-Switch-Laptop

Router Modem

Local WAN IP: 64.X.X.51

Additional IP: 64.X.X.52

Remote WAN IP: 64.X.X.1

WAN IP Mask: 255.255.255.0

LAN Subnet: N/A

LAN IP Mask: N/A

Primary DNS: 206.163.82.4

Secondary DNS: 206.161.110.79

Domain Name: integraonline.com

NAT Enabled: N/A

DHCP Enabled: N/A

So, I configured PIX506E "ip address outside 64.X.X.51"

And I still can't access to other websites...

Could you help me?

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to joonp

‎10-11-2004 11:18 AM

So if you configured the PIX outside to be 64.x.x.51, then the inside of the modem probably is 64.x.x.52, right?

in that case, you also need a default route

add this command.

route outside 0 0 64.x.x.52

thanks

Nadeem

joonp
Level 1
Level 1
In response to nkhawaja

‎10-11-2004 01:02 PM

Could you let me know what is wrong on my network setup?

My Network setup

Following order

ISP-->Router/Modem-->PIX 506E-->Switch-->Laptop

Router/Modem

Local WAN IP: 64.X.3.51

Additional IP: 64.X.3.52

Remote WAN IP: 64.X.3.1

WAN IP Mask: 255.255.255.0

LAN Subnet: N/A

LAN IP Mask: N/A

Primary DNS: 206.163.82.4

Secondary DNS: 206.161.110.79

Domain Name: integraonline.com

NAT Enabled: N/A

(what is outside and inside IP?)

PIX 506E

Outside IP: 64.X.3.51 255.255.255.0

Inside IP: 192.168.1.1 255.255.255.0

Switch

Laptop

IP address: 192.168.1.2 255.255.255.0

Default Gateway: 64.X.3.51 255.255.255.0

0 Helpful

tonny_ecmyy
Level 1
Level 1
In response to joonp

‎10-11-2004 05:27 PM

Hello...

Looks like you face the same problem like me. I'm quite new to cisco firewall PIX 506E

Below is my network configuration:

Fixed IP that connected to Router: 218.xxx.xxx.161/Netmask 255.255.255.252

Router IP: 192.168.1.2

Firewall Inside IP: 192.168.1.1

Primary DNS: 202.188.0.133

Secondary DNS: 202.188.1.5

NAT Enabled: N/A

I'm confuse about how to set inside/outside ip.

Whether the Inside IP same as Router IP 192.168.1.10/100 and the Outside IP same as the Fixed IP?

Thanks

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to tonny_ecmyy

‎10-11-2004 06:53 PM

Hi,

Since you are putting another device in between your external router and internal network, you have to change the ip address of inside interface on outside router i.e. from 192.168.1.2 to 192.168.2.2

similiary you need to assign the outside ip address of pix firewall to

192.168.2.3

the inside ip address of pix firewll will become 192.168.1.2 (formerly assigned to router)

this way you will not have to change any IP on the inside hosts.

if you dont want it, then keep all the ip addresses as it is , just do the following

router isnide = 192.168.1.2

firewall outside ip = 192.168.1.1

firewall inside ip = 192.168.2.1

inside network ip will then be changed to 192.168.2.x

thanks

Nadeem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card