Pix starter and config how to - help and advice - I will learn soon thanks

Posted on 2004-10-31
Medium Priority
Last Modified: 2010-04-09
Hi I have just moved the Pix I hope to learn on to be part of my wireless network and I want some advice how to open it up to test the connectivity and get it connected to the internet via the wireless.

Current Setup is laptop with wireless connecting to AP - connecting to Pix inside int. connecting to DSL modem via ethernet outside int.

The DSL modem is a DHCP Server.
The AP is a DHCP client of the PIX.

Help me connect the laptop anyway via this equipment - thanks.

IANTRADING> en              
Password: ******                
IANTRADING# sh conf                  
: Saved      
PIX Version 6.1(2)                  
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password ouGHk7Yho3Yj78Im encrypted                                          
passwd ouGHk7Yho3Yj78Im encrypted                                
hostname IANTRADING                  
domain-name iantrading.com                          
fixup protocol ftp 21                    
fixup protocol http 80                      
fixup protocol h323 1720                        
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol sip 5060                      
fixup protocol skinny 2000                          
access-list IAN permit                      
access-list IAN permit tcp any any eq 2823                                          
access-list IAN permit tcp any any eq 2824                                          
access-list IAN permit tcp any any eq www                                        
access-list IAN permit udp any any eq domain                                            
access-list IAN permit udp any any eq 9005                                          
access-list IAN permit tcp any any eq 9005                                          
access-list IAN permit tcp any any eq 8105                                          
access-list IAN permit udp any any eq 8100                                          
access-list acl_out permit icmp any any                                      
pager lines 22              
interface ethernet0 10full                          
interface ethernet1 10full                          
mtu outside 1500                
mtu inside 1500              
ip address outside dhcp setroute                              
ip address inside                                        
ip audit info action alarm                          
ip audit attack action alarm                            
pdm history enable                  
arp timeout 14400                
global (outside) 1 interface                            
nat (inside) 1 0 0  &n p;                                    
access-group acl_out in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet inside
telnet timeout 10
ssh timeout 5
dhcpd address inside
dhcpd dns
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80

cheers guys
Question by:halcyone
  • 2
  • 2
LVL 79

Expert Comment

ID: 12458893
It looks like you have everything you need for basic connectivity.
So, your AP gets a 10.0.0.x ip address. What IP address does your laptop get?
What kind of AP is it? Or is it a wireless router?

Have you looked to see what kind of IP address you're getting from the modem, if any? Could it be trying to get a 10.0.0.x address, too?

You might want to change your telnet statement if you want to telnet to it..
> telnet inside  <== that's the inside interface IP, not good choice..
   telnet inside


Author Comment

ID: 12488171

AP is a US Robotics as is the DSL modem

IP Addresses looked like this

Laptop(static - AP (static ---------Pix inside Int (1) (Pix static) --------Pix outside int (0)(DHCP client me thinks? how to check what it got?) -------DSL Modem (

The DNS has been picked up successfully by the pix from the DSL ( I can see this in the config above).

LVL 79

Accepted Solution

lrmoore earned 1500 total points
ID: 12488212
You can check the PIX's ip address with "sho interface"
What do you get on the laptop in the IPCONIFIG for default gateway and DNS?
Do you get as the gateway and dns  -, ?

Can you ping the modem from the laptop?


Author Comment

ID: 12725817
Thanks and sorry for the delay

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question