Pix 506E basic Configuration Newbie

Hi all,

I want to configure a PIX 506E which has a pre-existing config on to secure my home PC to the internet and need help to connect to the internet and some basic tips as an extra please.

-I have a Netgear DSL Modem/Router with built in switch currently connected and working and running as a DHCP server.

-A preconfigured PIX 506E which I am trying to configure to connect through to the internet which so far is
    -getting an IP address from the Netgear
    -pinging the DNS servers of my ISP
    -unable to let me configure it as a DHCP Server (displays error when configuring the ethernet1 as a DHCPD)
    -not letting my PC (10.0.0.2) browse the internet.
    -unable to configure the interfaces to be on autosensing

-Please assist where you see any mistakes.

IANTRADING(config)# wr t
Building configuration...
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ouGHk7Yho3Yj78Im encrypted
passwd ouGHk7Yho3Yj78Im encrypted
hostname IANTRADING
domain-name iantrading.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list IAN permit icmp any any
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list acl_out permit icmp any any
pager lines 22ny any eq 9005
interface ethernet0 10full              
arp timeout 14400
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
ssh timeout 5
terminal width 80
Cryptochecksum:a05a386467bac03a2698bdef515f09ac
: end
[OK]
IANTRADING(config)#

Thanks and Best Regards,
     
Asked by: halcyone
 
lrmoore Commented:
>-not letting my PC (10.0.0.2) browse the internet.
Add this command:

   global (outside) 1 interface

and remove the access-list from the inside interface:
 
  no access-group  IAN in interface inside

> -unable to configure the interfaces to be on autosensing
>PIX Version 6.1(2)    
You will need to upgrade the OS to 6.3x

>unable to let me configure it as a DHCP Server
Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/df.htm#1025497
0
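
An added example (not part of the original thread and not Cisco tooling): a simplified Python check run over the NAT and ACL lines from the posted configuration, showing why browsing failed and why the two changes in the answer above clear it. It models only the nat/global ID pairing and protocol/port matching in ACL entries; the names `audit`, `apply_answer`, `BROWSING` and `NAMED_PORTS` are assumptions of this example.

```python
import re

# Constructed sample: NAT and ACL lines from the configuration posted in the question.
POSTED = """\
access-list IAN permit icmp any any
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list acl_out permit icmp any any
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
"""
BROWSING = [("udp", 53), ("tcp", 80), ("tcp", 443)]      # DNS, HTTP, HTTPS
NAMED_PORTS = {"domain": 53, "www": 80, "https": 443}    # illustrative subset


def audit(config):
    """Explain why hosts behind a nat statement cannot browse (simplified model)."""
    nats, globals_, acls, bound, findings = {}, set(), {}, {}, []
    for line in config.splitlines():
        tok = line.split()
        if m := re.match(r"nat \((\S+)\) (\d+) ", line):
            nats[m.group(2)] = m.group(1)
        elif m := re.match(r"global \(\S+\) (\d+) ", line):
            globals_.add(m.group(1))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            bound[m.group(2)] = m.group(1)
        elif len(tok) >= 6 and tok[0] == "access-list" and tok[2] == "permit":
            # Only protocol and "eq <port>" are modelled; addresses are ignored.
            last = NAMED_PORTS.get(tok[-1], tok[-1])
            port = int(last) if "eq" in tok and str(last).isdigit() else None
            acls.setdefault(tok[1], []).append((tok[3], port, "eq" in tok))
    for nat_id, ifc in nats.items():
        if nat_id != "0" and nat_id not in globals_:
            findings.append(f"nat ({ifc}) {nat_id}: no global with id {nat_id}")
        if ifc not in bound:
            continue  # no ACL bound: traffic to a lower-security interface is allowed
        rules = acls.get(bound[ifc], [])
        for proto, port in BROWSING:
            if not any(p == "ip" or (p == proto and (not has_eq or q == port))
                       for p, q, has_eq in rules):
                findings.append(f"ACL {bound[ifc]} on {ifc}: {proto}/{port} hits implicit deny")
    return findings


def apply_answer(config):
    """Apply the answer's two changes: add the global, unbind ACL IAN from inside."""
    kept = [l for l in config.splitlines() if l != "access-group IAN in interface inside"]
    return "\n".join(kept + ["global (outside) 1 interface"]) + "\n"
```

`audit(POSTED)` reports the missing global and the three browsing flows blocked by ACL IAN; `audit(apply_answer(POSTED))` returns an empty list.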
 
halcyone (Author) Commented:
Oh my Gosh - that's working - wow, this is brilliant! Thanks.


The DHCP configuration was a matter of syntax being wrong - I don't understand all the brackets and squigglies and when to put spaces in etc....any hints or links..



Any ideas how I can get the software that you mentioned? I probably have to pay for it knowing Cisco - but I thought it's worth checking.

Thanks lrmoore
0
 
lrmoore Commented:
You will have to purchase SmartNet maintenance for the OS upgrade. Any reseller should be able to help you...

For dhcp, you can just use these basic commands to get you going.
[if_name] = inside

dhcpd address 10.0.0.100 - 10.0.0.200 inside
dhcpd dns 10.0.0.15 <your dns server inside>
dhcpd wins 10.0.0.15 <your wins server inside, if you have one>
dhcpd enable inside

0