Solved

Cisco PIX -  a total *Newbie* guide to setting it up please...!

Posted on 2002-06-10
Last Modified: 2010-04-17
Hi All,

I've acquired a PIX Series 515 firewall which I want to use at home with my ADSL modem.

Currently my ADSL modem takes the Single IP address from my ISP, and then uses its built in NAT and DHCP to allow 'net access to my little network of three machines.

I've looked on various websites about setting the PIX up and it's all waaay too technical for me to ingest at the moment.

What I am looking for is a *simple* step by step, command by command guide (with an explanation would be nice.. ;)

What I would like to do (if possible!) is use the PIX to handle the NAT/DHCP and of course Firewall.

Could I just reiterate that I have ZERO knowledge of Cisco equipment.. Basically, I can connect to it via HyperTerminal and can logon!

Thank you kindly for all and any replies!
Question by:grayp1
 
LVL 79

Expert Comment

by:lrmoore
The first thing we need is to know which version of software you have.

from the prompt:

pix>sho version

Cisco PIX Firewall Version 6.2(1)
Cisco PIX Device Manager Version 2.0(1)

Compiled on Wed 17-Apr-02 21:18 by morlee

0
 
LVL 1

Accepted Solution

by:
Chriskohn earned 200 total points
Dear grayp1:
Not much will seem simple about a PIX box unless you have dealt with them in the past. But here is some suggested reading:
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/index.shtml
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/commands.htm
In the first link, scroll down and read about your product's capabilities; the second link is a command reference which will help you learn to use the commands necessary to accomplish the tasks you wish to accomplish.

You will need to disable the NAT and internal DHCP functions in your ADSL modem if you plan to let the PIX do these things. I suggest you contact your ISP to learn how to assign a static public IP address to your modem's Ethernet interface, if it is possible.

Before you start configuring your PIX you should issue the command: write erase. This is just to make sure you are starting with a clean slate. I suggest setting up a password with the passwd command. Set up an enable secret with the enable secret command. Next assign a static public IP address on the outside interface of the PIX that is in the same IP subnet as that of the ADSL modem's Ethernet port.

How to tell which interface is which: the outside interface of your PIX will be ethernet0 by default, and the inside will be ethernet1. You must issue so-called global (meaning not interface or other mode specific) configuration commands from global configuration mode. You access this mode the same way as on a Cisco router: from privileged exec mode (the # prompt) issue the command: config t, and that will get you into global configuration mode. Next enable your interfaces to operate by specifying the interface, i.e.: interface ethernet0 auto. The auto refers to auto-negotiated speed. You may wish a different setting; check the command reference at the URL above to see examples.

To set up NAT you must first set up a global pool of addresses, which you probably won't have for a home network. In this case set up PAT (Port Address Translation); this means all devices in your home network will use one public IP (that of your outside interface, ethernet1) when they make connections to the Internet. To achieve this give the commands: global (outside) 1 x.x.x.x netmask x.x.x.x , the x's of course being the actual public IP address and mask you intend to use. Next issue the commands: nat (inside) 1 0.0.0.0 0.0.0.0 0 0 .

Next confirm your interfaces have security levels set. This is how the PIX views which area needs protection. Normally, your inside interface (ethernet1 by default) is a higher security area than your outside (ethernet0 by default). Recommended commands: nameif ethernet0 outside security0 , next command: nameif ethernet1 inside security100.

To set up DHCP in the PIX give the commands: dhcpd address x.x.x.x-x.x.x.x inside. Again the x's are the actual IP address range you wish to use.

To set up your firewall: Remember that a PIX will deny all traffic by default from a lower security area to a higher security area, except what you permit in exception. This means the outside will have restricted access for traffic bound for the inside, unless a connection was originated from inside. Setting up the firewalling is more a function of figuring out what you want to permit coming into the PIX's outside interface from the Internet (which again is the lower security area). Traffic coming into the PIX's inside Ethernet port (from your home network bound for the Internet) is usually allowed as it originates from a higher security area. Telnet and ICMP are exceptions to this. You must permit these at either interface explicitly.

This should be enough to help you get started. Good luck, Chris
 
0
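The steps in the accepted answer, collected into one PIX 6.x configuration as an added example (not part of Chris's post). Assumed, not from the thread: every address (192.0.2.0/24 stands in for the ISP subnet, 192.168.1.0/24 for the home LAN), the ip address, route, dhcpd dns, dhcpd enable and telnet lines, and the use of enable password and global (outside) 1 interface, which are the PIX forms for setting the enable password and for PAT on the outside interface's own address. Lines beginning with ":" are comments.

```cisco
: Constructed example for PIX software 6.x; every address is a placeholder.
: From the privileged (#) prompt, clear any old configuration first:
:   write erase
: then enter global configuration mode with:
:   config t

: Login and privileged-mode passwords (replace the placeholders)
passwd <login-password>
enable password <enable-password>

: Name the interfaces and set their security levels:
: outside (Internet) is least trusted, inside (home LAN) most trusted
nameif ethernet0 outside security0
nameif ethernet1 inside security100

: Bring both interfaces up with auto-negotiated speed and duplex
interface ethernet0 auto
interface ethernet1 auto

: Outside address in the same subnet as the ADSL modem's Ethernet port
: (assumed here: modem 192.0.2.1, PIX 192.0.2.2)
ip address outside 192.0.2.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

: Default route towards the modem (assumed next hop)
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

: PAT: every inside host is translated to the outside interface address
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

: DHCP server for the home LAN (assumed range and DNS server)
dhcpd address 192.168.1.10-192.168.1.50 inside
dhcpd dns 192.0.2.53
dhcpd enable inside

: Telnet to the PIX must be permitted explicitly; allow it from the
: inside network only
telnet 192.168.1.0 255.255.255.0 inside

: No access-list or conduit is defined for the outside interface, so
: connections initiated from the Internet remain denied by default.
: Save the configuration from the privileged prompt with:
:   write memory
```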
 

Author Comment

by:grayp1

Thanks muchly Chris; I appreciate the time and effort you have put into your post.
0
 
LVL 79

Expert Comment

by:lrmoore
It appears that you have forgotten this question. I will ask Community Support to close it unless

you finalize it within 7 days. I will ask a Community Support Moderator to force close it.

** PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER **

Please take a moment to revisit this question & reward your points or post additional commentary

as appropriate.  Unless there is objection or further activity.

EXPERTS, please feel free to make a recommendation for points award.


If you feel that your question was not properly addressed, or that none of the comments received

were appropriate answers, please post a request in Community support (with a link to this page)

to refund your points.  The link to the Community Support area is:

http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt


** PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER **