Solved

Pix 506E basic Configuration Newbie

Posted on 2004-09-05
Last Modified: 2013-11-16
Hi all,

I want to configure a PIX 506E, which has a pre-existing config on it, to secure my home PC to the internet, and I need help to connect to the internet and some basic tips as an extra, please.

-I have a Netgear DSL modem/router with a built-in switch, currently connected, working, and running as a DHCP server.

-A preconfigured PIX 506E which I am trying to configure to connect through to the internet which so far is
    -getting an IP address from the Netgear
    -pinging the DNS servers of my ISP
    -unable to let me configure it as a DHCP Server (displays error when configuring the ethernet1 as a DHCPD)
    -not letting my PC (10.0.0.2) browse the internet.
    -unable to configure the interfaces to be on autosensing

-Please assist where you see any mistakes.

IANTRADING(config)# wr t                        
Building configuration...                        
: Saved      
:
PIX Version 6.1(2)                  
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100ord: ******                
IANTRAD
enable password ouGHk7Yho3Yj78Im encrypted'?' for a list of available commands.    
passwd ouGHk7Yho3Yj78Im encrypted          
IANTRADING# wr t    
hostname IANTRADING configuration...  
domain-name iantrading.comaved      
:
PIX Version
fixup protocol ftp 21  
nameif ethernet0
fixup protocol http 80                      
fixup protocol h323 1720nside security100      
fixup protocol rsh 514    
enable password
fixup protocol rtsp 554ed                    
fixup protocol smtp 25asswd ouGHk7Yho3Yj78Im
fixup protocol sqlnet 1521                
hostname
fixup protocol sip 5060    
domain-name iantr
fixup protocol skinny 2000        
fixup protocol ft
names    
access-list IAN permit icmp any any0                      
fixup proto
access-list IAN permit tcp any any eq 2823 protocol rsh 514                      
fi
access-list IAN permit tcp any any eq 2824
fixup protocol smtp 25                  
access-list IAN permit
access-list acl_out permit icmp any any                        
access-list I
pager lines 22ny any eq 9005
interface ethernet0 10full              
arp timeout 14400
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
ssh timeout 5
terminal width 80
Cryptochecksum:a05a386467bac03a2698bdef515f09ac
: end
[OK]
IANTRADING(config)#

Thanks and Best Regards,
     
Question by:halcyone
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 11988045
>-not letting my PC (10.0.0.2) browse the internet.
Add this command:

   global (outside) 1 interface

and remove the access-list from the inside interface:
 
  no access-group  IAN in interface inside

> -unable to configure the interfaces to be on autosensing
>PIX Version 6.1(2)    
You will need to upgrade the OS to 6.3x

>unable to let me configure it as a DHCP Server
Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/df.htm#1025497
0
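An added example, not part of lrmoore's answer or the original thread: a small Python check for the two conditions the accepted answer fixes, a `nat` ID with no matching `global` and an ACL bound inbound on the inside interface whose implicit deny blocks browsing. The sample config is constructed from the legible lines of the posted output; the names `audit`, `acl_permits` and `BROWSING` and the port list are assumptions, and only `any any [eq N]` ACL entries are understood.

```python
import re

# Constructed sample: the legible NAT/ACL lines of the posted PIX 6.1 config.
POSTED = """\
access-list IAN permit icmp any any
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list acl_out permit icmp any any
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group IAN in interface inside
"""
# The same lines after the two changes from the accepted answer.
FIXED = POSTED.replace("access-group IAN in interface inside\n",
                       "global (outside) 1 interface\n")
# Assumed minimum a browsing inside host must be allowed to send.
BROWSING = [("udp", 53), ("tcp", 80), ("tcp", 443)]
ACE = re.compile(r"access-list (\S+) (permit|deny) (\w+) any any(?: eq (\d+))?$")


def acl_permits(entries, proto, port):
    """First match wins; handles only '<proto> any any [eq N]' entries."""
    for action, e_proto, e_port in entries:
        if e_proto in ("ip", proto) and e_port in (None, port):
            return action == "permit"
    return False  # implicit deny ends every access-list


def audit(config, inside="inside"):
    nat_ids, global_ids, acls, bound = set(), set(), {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"nat \(\w+\) (\d+) ", line):
            if m.group(1) != "0":            # nat 0 does not use a global
                nat_ids.add(m.group(1))
        elif m := re.match(r"global \(\w+\) (\d+) ", line):
            global_ids.add(m.group(1))
        elif m := ACE.match(line):
            name, action, proto, port = m.groups()
            acls.setdefault(name, []).append((action, proto, port and int(port)))
        elif m := re.match(r"access-group (\S+) in interface (\w+)", line):
            bound[m.group(2)] = m.group(1)
    # Simplification: nat and global are paired by ID only, not by interface.
    findings = [f"nat id {i} has no matching global" for i in sorted(nat_ids - global_ids)]
    acl = bound.get(inside)
    blocked = [f"{p}/{n}" for p, n in BROWSING
               if acl and not acl_permits(acls.get(acl, []), p, n)]
    if blocked:
        findings.append(f"ACL {acl} on {inside} blocks {', '.join(blocked)}")
    return findings
```

`audit(POSTED)` reports both problems and `audit(FIXED)` returns an empty list.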
 

Author Comment

by:halcyone
ID: 11992154
Oh my Gosh - that's working - wow, this is brilliant! Thanks.


The DHCP configuration was a matter of syntax being wrong - I don't understand all the brackets and squigglies and when to put spaces in etc... any hints or links?



Any ideas how I can get the software that you mentioned? I probably have to pay for it knowing Cisco - but I thought it's worth checking?

Thanks lrmoore
 
LVL 79

Expert Comment

by:lrmoore
ID: 11992733
You will have to purchase SmartNet maintenance for the OS upgrade. Any reseller should be able to help you...

For dhcp, you can just use these basic commands to get you going.
[if_name] = inside

dhcpd address 10.0.0.100 - 10.0.0.200 inside
dhcpd dns 10.0.0.15 <your dns server inside>
dhcpd wins 10.0.0.15 <your wins server inside, if you have one>
dhcpd enable inside
