Solved

Pix 506E basic Configuration Newbie

Posted on 2004-09-05
Last Modified: 2013-11-16
Hi all,

I want to configure a PIX 506E which has a pre-existing config on to secure my home PC to the internet and need help to connect to the internet and some basic tips as an extra please.

-I have a Netgear DSL Modem/Router with built-in switch currently connected and working and running as a DHCP server.

-A preconfigured PIX 506E which I am trying to configure to connect through to the internet which so far is
    -getting an IP address from the Netgear
    -pinging the DNS servers of my ISP
    -unable to let me configure it as a DHCP Server (displays error when configuring the ethernet1 as a DHCPD)
    -not letting my PC (10.0.0.2) browse the internet.
    -unable to configure the interfaces to be on autosensing

-Please assist where you see any mistakes.

IANTRADING(config)# wr t                        
Building configuration...                        
: Saved      
:
PIX Version 6.1(2)                  
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100ord: ******                
IANTRAD
enable password ouGHk7Yho3Yj78Im encrypted'?' for a list of available commands.    
passwd ouGHk7Yho3Yj78Im encrypted          
IANTRADING# wr t    
hostname IANTRADING configuration...  
domain-name iantrading.comaved      
:
PIX Version
fixup protocol ftp 21  
nameif ethernet0
fixup protocol http 80                      
fixup protocol h323 1720nside security100      
fixup protocol rsh 514    
enable password
fixup protocol rtsp 554ed                    
fixup protocol smtp 25asswd ouGHk7Yho3Yj78Im
fixup protocol sqlnet 1521                
hostname
fixup protocol sip 5060    
domain-name iantr
fixup protocol skinny 2000        
fixup protocol ft
names    
access-list IAN permit icmp any any0                      
fixup proto
access-list IAN permit tcp any any eq 2823 protocol rsh 514                      
fi
access-list IAN permit tcp any any eq 2824
fixup protocol smtp 25                  
access-list IAN permit
access-list acl_out permit icmp any any                        
access-list I
pager lines 22ny any eq 9005
interface ethernet0 10full              
arp timeout 14400
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
ssh timeout 5
terminal width 80
Cryptochecksum:a05a386467bac03a2698bdef515f09ac
: end
[OK]
IANTRADING(config)#

Thanks and Best Regards,
     
Question by:halcyone
3 Comments
 

Accepted Solution

by: lrmoore earned 125 total points
>-not letting my PC (10.0.0.2) browse the internet.
Add this command:

   global (outside) 1 interface

and remove the access-list from the inside interface:
 
  no access-group  IAN in interface inside

> -unable to configure the interfaces to be on autosensing
>PIX Version 6.1(2)    
You will need to upgrade the OS to 6.3x

>unable to let me configure it as a DHCP Server
Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/df.htm#1025497
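
Why the two commands in the accepted answer restore browsing, as an added example that is not part of the thread: on PIX 6.x a `nat (inside) 1` statement translates nothing until a `global` with the same ID exists, and an ACL bound to the inside interface drops whatever it does not permit. The Python sketch below audits a config for both conditions; the sample is constructed from the legible lines of the posted config, and `audit`, `acl_allows` and the tcp/80 plus udp/53 check set are assumptions of this example.

```python
import re

# Constructed sample: the legible NAT/ACL lines of the config in the question.
SAMPLE = """\
access-list IAN permit icmp any any
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list acl_out permit icmp any any
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
"""
ALIAS = {"www": "80", "domain": "53"}  # PIX prints some ports by name

def acl_allows(rules, proto, port):
    """First matching rule wins; simplified to 'any any [eq port]' rules."""
    for r in rules:
        if r[1] in (proto, "ip"):
            if "eq" not in r or ALIAS.get(r[r.index("eq") + 1], r[r.index("eq") + 1]) == port:
                return r[0] == "permit"
    return False  # nothing matched: implicit deny at the end of every ACL

def audit(config, needed=(("tcp", "80"), ("udp", "53"))):
    """Return findings that explain why inside hosts cannot browse."""
    nat_ids, global_ids, acls, bound = {}, set(), {}, {}
    for line in config.splitlines():
        t = line.split()
        if m := re.match(r"nat \((\w+)\) (\d+) ", line):
            nat_ids[m.group(2)] = m.group(1)      # NAT id -> interface
        elif m := re.match(r"global \((\w+)\) (\d+) ", line):
            global_ids.add(m.group(2))
        elif t[:1] == ["access-list"] and len(t) >= 4:
            acls.setdefault(t[1], []).append(t[2:])
        elif t[:1] == ["access-group"] and len(t) == 5:
            bound[t[4]] = t[1]                    # interface -> ACL name
    findings = []
    for nid, ifc in sorted(nat_ids.items()):
        if nid != "0" and nid not in global_ids:  # nat 0 needs no global
            findings.append(f"nat ({ifc}) {nid} has no matching global {nid}")
    for ifc in sorted(set(nat_ids.values())):
        acl = bound.get(ifc)
        if acl is None:
            continue  # no ACL bound: outbound traffic is allowed by default
        for proto, port in needed:
            if not acl_allows(acls.get(acl, []), proto, port):
                findings.append(f"ACL {acl} on {ifc} denies {proto}/{port} (implicit deny)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Removing the `access-group IAN in interface inside` line and adding `global (outside) 1 interface` to the sample clears all three findings.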

Author Comment

by:halcyone
Oh my Gosh - that's working - wow, this is brilliant! Thanks.


The DHCP configuration was a matter of syntax being wrong - I don't understand all the brackets and squigglies and when to put spaces in etc....any hints or links..

Any ideas how I can get the software that you mentioned. I probably have to pay for it knowing Cisco - but I thought it's worth checking?

Thanks lrmoore

Expert Comment

by:lrmoore
You will have to purchase SmartNet maintenance for the OS upgrade. Any reseller should be able to help you...

For dhcp, you can just use these basic commands to get you going.
[if_name] = inside

dhcpd address 10.0.0.100 - 10.0.0.200 inside
dhcpd dns 10.0.0.15 <your dns server inside>
dhcpd wins 10.0.0.15 <your wins server inside, if you have one>
dhcpd enable inside
