Cisco PIX - a total *Newbie* guide to setting it up please...!

Hi All,

I've acquired a PIX Series 515 firewall which I want to use at home with my ADSL modem.

Currently my ADSL modem takes the single IP address from my ISP, and then uses its built-in NAT and DHCP to allow 'net access to my little network of three machines.

I've looked on various websites about setting the PIX up and it's all waaay too technical for me to ingest at the moment.

What I am looking for is a *simple* step by step, command by command guide (with an explanation would be nice.. ;)

What I would like to do (if possible!) is use the PIX to handle the NAT/DHCP and of course Firewall.

Could I just reiterate that I have ZERO knowledge of Cisco equipment.. Basically, I can connect to it via HyperTerminal and can log on!

Thank you kindly for all and any replies!
Dear grayp1:

Not much will seem simple about a PIX box unless you have dealt with them in the past. But here is some suggested reading:
In the first link, scroll down and read about your product's capabilities; the second link is a command reference which will help you learn to use the commands necessary to accomplish the tasks you wish to accomplish.

You will need to disable the NAT and internal DHCP functions in your ADSL modem if you plan to let the PIX do these things. I suggest you contact your ISP to learn how to assign a static public IP address to your modem's Ethernet interface if it is possible.

Before you start configuring your PIX you should issue the command: write erase. This is just to make sure you are starting with a clean slate. I suggest setting up a password with the passwd command. Set up an enable secret with the enable secret command. Next assign a static public IP address on the outside interface of the PIX that is in the same IP subnet as that of the ADSL modem's Ethernet port.

How to tell which interface is which: The outside interface of your PIX will be ethernet0 by default, and the inside will be ethernet1. You must issue so-called global (meaning not interface- or other mode-specific) configuration commands from global configuration mode. You access this mode the same way as on a Cisco router: from privileged exec mode or # prompt, issue the command: config t and that will get you into global configuration mode. Next enable your interfaces to operate by specifying the interface, i.e.: interface ethernet0 auto. The auto refers to auto-negotiated speed. You may wish a different setting; check the command reference at the URL above to see examples.

To set up NAT you must first set up a global pool of addresses, which you probably won't have for a home network. In this case set up PAT (Port Address Translation); this means all devices in your home network will use one public IP (that of your outside interface, ethernet1) when they make connections to the Internet. To achieve this give the commands: global (outside) 1 x.x.x.x netmask x.x.x.x, the x's of course being the actual public IP address and mask you intend to use. Next issue the command: nat (inside) 1 0 0.

Next confirm your interfaces have security levels set. This is how the PIX views which area needs protection. Normally, your inside interface (ethernet1 by default) is a higher security area than your outside (ethernet0 by default). Recommended commands: nameif ethernet0 outside security0, next command: nameif ethernet1 inside security100.

To set up DHCP in the PIX give the commands: dhcpd address x.x.x.x-x.x.x.x inside. Again the x's are the actual IP address range you wish to use.

To set up your firewall: Remember that a PIX will deny all traffic by default from a lower security area to a higher security area, except what you permit in exception. This means the outside will have restricted access for traffic bound for the inside, unless a connection was originated from inside. Setting up the firewalling is more a function of figuring out what you want to permit coming into the PIX's outside interface from the Internet (which again is the lower security area). Traffic coming into the PIX's inside Ethernet port (from your home network bound for the Internet) is usually allowed as it originates from a higher security area. Telnet and ICMP are exceptions to this. You must permit these at either interface explicitly.

This should be enough to help you get started. Good luck, Chris
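The steps in the answer above, collected into one PIX 6.x configuration as an added example (not part of the original posts). Every address is a constructed placeholder; it uses `enable password`, which is the PIX 6.x command for the privileged-mode password, and `global (outside) 1 interface` so that PAT uses the outside interface's own address.

```cisco
: Constructed example; lines beginning with a colon are comments on the PIX.
: Assumed addressing (not from the thread):
:   outside 192.0.2.2 /24, ADSL modem (next hop) 192.0.2.1
:   inside  192.168.1.1 /24, DHCP pool 192.168.1.10-192.168.1.40
: Entered from privileged exec mode (# prompt) after "write erase" and a reload.
configure terminal
: Name the interfaces and set security levels: outside lowest, inside highest.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: Enable both interfaces with auto-negotiated speed.
interface ethernet0 auto
interface ethernet1 auto
: Outside address sits in the modem's subnet; inside is the LAN gateway.
ip address outside 192.0.2.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
: Default route towards the ADSL modem.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
: PAT: every inside host is translated to the outside interface address.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
: DHCP server for the inside network (DNS server address is a placeholder).
dhcpd address 192.168.1.10-192.168.1.40 inside
dhcpd dns 192.0.2.53
dhcpd enable inside
: Replace the factory-default passwords before connecting the outside cable.
passwd <telnet-password>
enable password <enable-password>
: Management access from the inside network only; none from outside.
telnet 192.168.1.0 255.255.255.0 inside
: No access-list is applied to the outside interface, so unsolicited
: inbound traffic stays denied by the security-level rule.
exit
write memory
: Checks once a PC on the inside has browsed the Internet:
:   show interface, show dhcpd binding, show xlate
```

With this configuration, ping replies from the Internet to inside hosts are dropped, because ICMP is not permitted implicitly in either direction.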
The first thing we need is to know which version of software you have.

from the prompt:

pix>sho version

Cisco PIX Firewall Version 6.2(1)
Cisco PIX Device Manager Version 2.0(1)

Compiled on Wed 17-Apr-02 21:18 by morlee

grayp1 (Author) commented:

Thanks muchly Chris; I appreciate the time and effort you have put into your post.
It appears that you have forgotten this question. I will ask Community Support to close it unless you finalize it within 7 days. I will ask a Community Support Moderator to force close it.

Please take a moment to revisit this question & reward your points or post additional commentary as appropriate. Unless there is objection or further activity.

EXPERTS, please feel free to make a recommendation for points award.

If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community Support (with a link to this page) to refund your points. The link to the Community Support area is:

Question has a verified solution.
