
What cable to use between firewall and router

pkchiwing
Level 1

I am a beginner with Cisco firewalls. I have a Cisco 1750 router with an ADSL card to connect to the internet, and I also have a Cisco PIX 515 firewall, but I don't know what cable (patch or crossover) to use between the router and the firewall, and between the firewall and my PC.

I also have a question about configuring the firewall. My router is configured with DHCP. I don't know how the firewall learns the IP address from the router, or how the firewall gives an IP address to my PC (I only need DHCP, I don't want a static IP). Does anyone have a sample or a website?

I can post more of my config here. I hope someone can help me. Thank you.

2 Replies

paddyxdoyle
Level 6

Hi,

The PIX 501 has a four-port switch built in, so PC to firewall will be straight-through CAT5.

Between the PIX outside interface and the router's interface you will need a crossover cable.

Personally, I would configure the PIX as the DHCP server, which will allocate IP addresses to your internal PCs, and create a static subnet between the PIX and the router so your router always has the same IP address. This is essential, as the PIX needs to know this address because it will always be the default gateway for the PIX.

e.g.

PIX
---
# ip address outside 192.168.1.1 255.255.255.252
# route outside 0 0 192.168.1.2
# interface ethernet0 100full
# ip address inside 10.0.0.1 255.255.255.0
# dhcpd address 10.0.0.2-10.0.0.254 inside
# dhcpd dns
# dhcpd lease 3000
# dhcpd enable inside

Router
-----
# interface FastEthernet 0/1
# description To LAN (PIX)
# ip address 192.168.1.2 255.255.255.252
# speed 100
# duplex full

HTH

PJD

I followed your method. I feel it is better, but it still doesn't work. I am posting my router and firewall configs so you can see what is wrong.

1750 router configuration:

version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1750
!
logging queue-limit 100
enable secret xxx
enable password xxx
!
ip subnet-zero
no ip source-route
!
!
ip name-server 195.16.16.1
!
no ip bootp server
!
interface ATM0
 no ip address
 no ip proxy-arp
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 ip address 192.168.1.2 255.255.255.0
 no ip proxy-arp
 ip nat inside
 speed 100
 full-duplex
 no cdp enable
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname myusername
 ppp chap password 0 mypassword
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
 speed 115200
line aux 0
line vty 0 4
 login
!
no scheduler allocate
end

515 PIX firewall configuration:

PIX Version 5.2(5)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Cisco515pix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
names
access-list ping_acl permit icmp any any
access-list acl_out permit icmp any any
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 shutdown
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group ping_acl in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:00:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
isakmp identity address
telnet timeout 5
ssh timeout 5
dhcpd address 10.0.0.2-10.0.0.2 inside (it won't let me set more than 10.0.0.2)
dhcpd dns 195.16.16.1
dhcpd lease 3000
dhcpd enable inside
terminal width 80
Cryptochecksum:xxx

I hope someone can help me.
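The consistency rules from the first reply (one shared subnet on the PIX-to-router link, a default route that points at the router's address, a DHCP pool inside the inside subnet), as an added Python example that is not part of any post in this thread. It goes one step further and also checks that every `nat` id has a `global` with the same id, which is how PIX pairs the two; the config lines are excerpted from the posts above, and `check` and `iface` are hypothetical helper names.

```python
import ipaddress
import re

# Added example: lines excerpted from the two configs posted in this thread.
# check() and iface() are illustrative names, not Cisco tooling.
PIX_CFG = """\
ip address outside 192.168.1.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.1.2 1
dhcpd address 10.0.0.2-10.0.0.2 inside
"""
ROUTER_CFG = """\
interface FastEthernet0
 ip address 192.168.1.2 255.255.255.0
"""

def iface(addr, mask):
    return ipaddress.ip_interface(f"{addr}/{mask}")

def check(pix_cfg, router_cfg):
    """Return a list of findings; an empty list means the checks passed."""
    pix = {n: iface(a, m) for n, a, m in
           re.findall(r"^ip address (\w+) (\S+) (\S+)$", pix_cfg, re.M)}
    rtr = iface(*re.search(r"^[ \t]*ip address (\S+) (\S+)$", router_cfg, re.M).groups())
    hop = ipaddress.ip_address(
        re.search(r"^route outside 0(?:\.0\.0\.0)? 0(?:\.0\.0\.0)? (\S+)", pix_cfg, re.M).group(1))
    lo, hi = map(ipaddress.ip_address,
                 re.search(r"^dhcpd address (\S+)-(\S+) inside", pix_cfg, re.M).groups())
    findings = []
    if pix["outside"].network != rtr.network:
        findings.append(f"link mismatch: PIX {pix['outside']} vs router {rtr}")
    if hop != rtr.ip:
        findings.append(f"default route {hop} is not the router address {rtr.ip}")
    if not (lo <= hi and lo in pix["inside"].network and hi in pix["inside"].network):
        findings.append(f"DHCP pool {lo}-{hi} is outside {pix['inside'].network}")
    elif lo <= pix["inside"].ip <= hi:
        findings.append("DHCP pool contains the PIX inside address")
    # PIX pairs "nat (if) N" with a "global (if) N" that has the same id N.
    nat_ids = set(re.findall(r"^nat \(\w+\) ([1-9]\d*) ", pix_cfg, re.M))
    global_ids = set(re.findall(r"^global \(\w+\) (\d+) ", pix_cfg, re.M))
    for n in sorted(nat_ids - global_ids):
        findings.append(f"nat id {n} has no global statement with the same id")
    return findings

if __name__ == "__main__":
    for line in check(PIX_CFG, ROUTER_CFG) or ["all checks passed"]:
        print(line)
```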