Cisco PIX - a total *Newbie* guide to setting it up please...!

Posted on 2002-06-10
Medium Priority
Last Modified: 2010-04-17
Hi All,

I've acquired a PIX Series 515 firewall which I want to use at home with my ADSL modem.

Currently my ADSL modem takes the single IP address from my ISP, and then uses its built-in NAT and DHCP to allow 'net access to my little network of three machines.

I've looked on various websites about setting the PIX up and it's all waaay too technical for me to ingest at the moment.

What I am looking for is a *simple* step by step, command by command guide (with an explanation would be nice.. ;)

What I would like to do (if possible!) is use the PIX to handle the NAT/DHCP and of course Firewall.

Could I just reiterate that I have ZERO knowledge of Cisco equipment.. Basically, I can connect to it via HyperTerminal and can log on!

Thank you kindly for all and any replies!
Question by:grayp1

Expert Comment

ID: 7068354
The first thing we need is to know which version of software you have.

From the prompt:

pix>sho version

Cisco PIX Firewall Version 6.2(1)
Cisco PIX Device Manager Version 2.0(1)

Compiled on Wed 17-Apr-02 21:18 by morlee


Accepted Solution

Chriskohn earned 800 total points
ID: 7068398
Dear grayp1:

Not much will seem simple about a PIX box unless you have dealt with them in the past. But here is some suggested reading:

In the first link, scroll down and read about your product's capabilities; in the second link is a command reference which will help you learn to use the commands necessary to accomplish the tasks you wish to accomplish.

You will need to disable the NAT and internal DHCP functions in your ADSL modem if you plan to let the PIX do these things. I suggest you contact your ISP to learn how to assign a static public IP address to your modem's Ethernet interface, if it is possible.

Before you start configuring your PIX you should issue the command: write erase. This is just to make sure you are starting with a clean slate. I suggest setting up a password with the passwd command. Set up an enable secret with the enable secret command. Next, assign a static public IP address on the outside interface of the PIX that is in the same IP subnet as that of the ADSL modem's Ethernet port.

How to tell which interface is which: the outside interface of your PIX will be ethernet0 by default, and the inside will be ethernet1.

You must issue so-called global (meaning not interface or other mode specific) configuration commands from global configuration mode. You access this mode the same way as on a Cisco router: from privileged exec mode (the # prompt), issue the command: config t, and that will get you into global configuration mode.

Next, enable your interfaces to operate by specifying the interface, i.e.: interface ethernet0 auto. The auto refers to auto-negotiated speed. You may wish a different setting; check the command reference at the URL above to see examples.

To set up NAT you must first set up a global pool of addresses, which you probably won't have for a home network. In this case set up PAT (port address translation); this means all devices in your home network will use one public IP (that of your outside interface, ethernet1) when they make connections to the Internet. To achieve this give the commands: global (outside) 1 x.x.x.x netmask x.x.x.x, the x's of course being the actual public IP address and mask you intend to use. Next issue the commands: nat (inside) 1 0 0.

Next, confirm your interfaces have security levels set. This is how the PIX views which area needs protection. Normally, your inside interface (ethernet1 by default) is a higher security area than your outside (ethernet0 by default). Recommended commands: nameif ethernet0 outside security0, next command: nameif ethernet1 inside security100.

To set up DHCP in the PIX give the commands: dhcpd address x.x.x.x-x.x.x.x inside. Again, the x's are the actual IP address range you wish to use.

To set up your firewall: Remember that a PIX will deny all traffic by default from a lower security area to a higher security area, except what you permit in exception. This means the outside will have restricted access for traffic bound for the inside, unless a connection was originated from inside. Setting up the firewalling is more a function of figuring out what you want to permit coming into the PIX's outside interface from the Internet (which again is the lower security area). Traffic coming into the PIX's inside Ethernet port (from your home network bound for the Internet) is usually allowed as it originates from a higher security area. Telnet and icmp are exceptions to this. You must permit these at either interface explicitly.

This should be enough to help you get started. Good luck, Chris
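
The steps from the accepted answer collected into one PIX 6.x configuration session, as an added example that is not part of Chris's post. Assumptions: 203.0.113.0/29 stands in for the ISP-assigned subnet (modem at 203.0.113.1), 192.168.1.0/24 for the home LAN, 198.51.100.53 for the ISP's DNS resolver, and the passwords are placeholders. The ip address, route, dhcpd dns/enable and telnet lines are not in the post, the enable password is set with PIX 6.x's enable password command, and the interface keyword on the global line makes PAT use the outside interface's own address.

```cisco
: Added example. Entered from global configuration mode (config t).
: Every address and password below is a constructed placeholder.
:
: Name the interfaces and set security levels (outside lowest, inside highest).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
:
: Bring both interfaces up with auto-negotiated speed.
interface ethernet0 auto
interface ethernet1 auto
:
: Outside address sits in the same subnet as the modem's Ethernet port.
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
:
: Default route towards the modem.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
:
: PAT: all inside hosts (NAT id 1) share the outside interface address.
: The NAT id on the nat line must match the id on the global line.
global (outside) 1 interface
nat (inside) 1 0 0
:
: DHCP service for the inside network.
dhcpd address 192.168.1.10-192.168.1.40 inside
dhcpd dns 198.51.100.53
dhcpd enable inside
:
: Login and enable passwords.
passwd CHANGE-ME-LOGIN
enable password CHANGE-ME-ENABLE
:
: Telnet management is permitted explicitly, and only from the inside LAN.
telnet 192.168.1.0 255.255.255.0 inside
:
: Save the running configuration to flash.
write memory
```

After a client on the inside has browsed to an outside site, show nameif confirms the security levels and show xlate lists the PAT translations in use.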

Author Comment

ID: 7069573

Thanks muchly Chris; I appreciate the time and effort you have put into your post.

Expert Comment

ID: 7333456
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to force close it.

Please take a moment to revisit this question & reward your points or post additional commentary as appropriate. Unless there is objection or further activity.

EXPERTS, please feel free to make a recommendation for points award.

If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. The link to the Community Support area is:



Question has a verified solution.
