Solved

Pix 506E basic Configuration Newbie

Posted on 2004-09-05
Last Modified: 2013-11-16
Hi all,

I want to configure a PIX 506E, which has a pre-existing config on it, to secure my home PC to the internet, and need help to connect to the internet and some basic tips as an extra please.

-I have a Netgear DSL Modem/Router with built in switch currently connected and working and running as a DHCP server.

-A preconfigured PIX 506E which I am trying to configure to connect through to the internet which so far is
    -getting an IP address from the Netgear
    -pinging the DNS servers of my ISP
    -unable to let me configure it as a DHCP Server (displays error when configuring the ethernet1 as a DHCPD)
    -not letting my PC (10.0.0.2) browse the internet.
    -unable to configure the interfaces to be on autosensing

-Please assist where you see any mistakes.

IANTRADING(config)# wr t
Building configuration...
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ouGHk7Yho3Yj78Im encrypted
passwd ouGHk7Yho3Yj78Im encrypted
hostname IANTRADING
domain-name iantrading.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list IAN permit icmp any any
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list IAN permit
access-list acl_out permit icmp any any
access-list I
ny any eq 9005
pager lines 22
interface ethernet0 10full
interface ethernet0 10full              
arp timeout 14400
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
ssh timeout 5
terminal width 80
Cryptochecksum:a05a386467bac03a2698bdef515f09ac
: end
[OK]
IANTRADING(config)#

Thanks and Best Regards,
Question by:halcyone
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 11988045
>-not letting my PC (10.0.0.2) browse the internet.
Add this command:

   global (outside) 1 interface

and remove the access-list from the inside interface:
 
  no access-group  IAN in interface inside

> -unable to configure the interfaces to be on autosensing
>PIX Version 6.1(2)    
You will need to upgrade the OS to 6.3x

>unable to let me configure it as a DHCP Server
Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/df.htm#1025497
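Added example, not part of lrmoore's answer or the original thread: a small Python audit that flags the two faults the answer fixes, a `nat` ID with no matching `global`, and an inside ACL whose implicit deny blocks browsing. The sample config is constructed from the lines visible in the question; the `BROWSING` port set and the function names are assumptions made for this example.

```python
# Constructed sample: relevant lines from the "wr t" output in the question.
SAMPLE = """\
access-list IAN permit icmp any any
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list acl_out permit icmp any any
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
"""

# Assumption: "browsing" means DNS plus HTTP/HTTPS.
BROWSING = [("udp", "53"), ("tcp", "80"), ("tcp", "443")]

def permits(rule, proto, port):
    """True if a 'permit <proto> any any [eq <port>]' rule allows proto/port.
    Only this simple numeric form (the one used on the page) is understood."""
    if rule[:1] != ["permit"] or len(rule) < 4 or rule[2:4] != ["any", "any"]:
        return False
    if rule[1] not in (proto, "ip"):
        return False
    return len(rule) == 4 or rule[4:6] == ["eq", port]

def audit(config):
    nat_ids, global_ids, acls, bound = set(), set(), {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 3 and t[0] == "nat":
            nat_ids.add(t[2])            # nat (inside) <id> ...
        elif len(t) >= 3 and t[0] == "global":
            global_ids.add(t[2])         # global (outside) <id> ...
        elif len(t) >= 4 and t[0] == "access-list":
            acls.setdefault(t[1], []).append(t[2:])
        elif len(t) == 5 and t[0] == "access-group":
            bound[t[4]] = t[1]           # interface name -> ACL name
    findings = []
    # nat 0 is identity NAT and needs no global pool.
    for nat_id in sorted(nat_ids - global_ids - {"0"}):
        findings.append(("nat-without-global", nat_id))
    acl = bound.get("inside")
    if acl is not None:
        for proto, port in BROWSING:
            if not any(permits(r, proto, port) for r in acls.get(acl, [])):
                findings.append(("inside-acl-blocks", f"{proto}/{port}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With no ACL bound to the inside interface, the PIX allows traffic from the higher-security inside to the lower-security outside by default, which is why removing the `access-group` clears the ACL findings.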
 

Author Comment

by:halcyone
ID: 11992154
Oh my Gosh - that's working - wow, this is brilliant! Thanks.


The DHCP configuration was a matter of syntax being wrong - I don't understand all the brackets and squigglies and when to put spaces in etc....any hints or links..



Any ideas how I can get the software that you mentioned? I probably have to pay for it knowing Cisco - but I thought it's worth checking?

Thanks lrmoore
 
LVL 79

Expert Comment

by:lrmoore
ID: 11992733
You will have to purchase SmartNet maintenance for the OS upgrade. Any reseller should be able to help you...

For dhcp, you can just use these basic commands to get you going.
[if_name] = inside

dhcpd address 10.0.0.100 - 10.0.0.200 inside
dhcpd dns 10.0.0.15 <your dns server inside>
dhcpd wins 10.0.0.15 <your wins server inside, if you have one>
dhcpd enable inside
