halcyone
asked on
Pix starter and config how to - help and advice - I will learn soon thanks
Hi I have just moved the Pix I hope to learn on to be part of my wireless network and I want some advice how to open it up to test the connectivity and get it connected to the internet via the wireless.
Current Setup is laptop with wireless connecting to AP - connecting to Pix inside int. connecting to DSL modem via ethernet outside int.
The DSL modem is a DHCP Server.
The AP is a DHCP client of the PIX.
Help me connect the laptop anyway via this equipment - thanks.
IANTRADING> en
Password: ******
IANTRADING# sh conf
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ouGHk7Yho3Yj78Im encrypted
passwd ouGHk7Yho3Yj78Im encrypted
hostname IANTRADING
domain-name iantrading.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list IAN permit
access-list IAN permit tcp any any eq 2823
access-list IAN permit tcp any any eq 2824
access-list IAN permit tcp any any eq www
access-list IAN permit udp any any eq domain
access-list IAN permit udp any any eq 9005
access-list IAN permit tcp any any eq 9005
access-list IAN permit tcp any any eq 8105
access-list IAN permit udp any any eq 8100
access-list acl_out permit icmp any any
pager lines 22
interface ethernet0 10full
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
access-group acl_out in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
ssh timeout 5
dhcpd address 10.0.0.3-10.0.0.15 inside
dhcpd dns 212.158.192.2 212.158.192.3
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
Cryptochecksum:5b0e96db47d1623abf2c2d2738b86438
IANTRADING#
cheers guys
ASKER
Thanks,
AP is a US Robotics as is the DSL modem
IP Addresses looked like this
Laptop(static 10.0.0.6) - AP (static 10.0.0.5) ---------Pix inside Int (1) (Pix 10.0.0.1 static) --------Pix outside int (0)(DHCP client me thinks? how to check what it got?) -------DSL Modem (192.168.1.1)
The DNS has been picked up successfully by the pix from the DSL (I can see this in the config above).
Thanks
ASKER
Thanks and sorry for the delay
So, your AP gets a 10.0.0.x ip address. What IP address does your laptop get?
What kind of AP is it? Or is it a wireless router?
Have you looked to see what kind of IP address you're getting from the modem, if any? Could it be trying to get a 10.0.0.x address, too?
You might want to change your telnet statement if you want to telnet to it.
> telnet 10.0.0.1 255.255.255.255 inside <== that's the inside interface IP, not a good choice.
Try:
telnet 10.0.0.0 255.255.255.0 inside
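
An added example (not part of the thread and not Cisco tooling): a Python check of the point in the reply above, that a `telnet` statement whose only permitted source is the inside interface's own address admits no management host. The function names and the embedded config excerpt are constructed for illustration; 10.0.0.6 is the laptop address the asker gave.

```python
import ipaddress

# Constructed excerpt: the relevant lines from the configuration posted above.
SAMPLE_CONFIG = """\
ip address outside dhcp setroute
ip address inside 10.0.0.1 255.255.255.0
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
"""

def parse(config):
    """Return ({ifname: interface IP}, [(permitted network, ifname)])."""
    iface_ips, telnet_rules = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            # ip address <ifname> <ip> <mask>; "dhcp setroute" has no static IP
            try:
                iface_ips[tok[2]] = ipaddress.ip_address(tok[3])
            except ValueError:
                pass
        elif tok[:1] == ["telnet"] and len(tok) == 4:
            # telnet <ip> <mask> <ifname>  ("telnet timeout N" has 3 tokens)
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            telnet_rules.append((net, tok[3]))
    return iface_ips, telnet_rules

def audit_telnet(config, client_ip, ifname="inside"):
    """Return (client_allowed, findings) for telnet management on ifname."""
    iface_ips, rules = parse(config)
    client = ipaddress.ip_address(client_ip)
    allowed, findings = False, []
    for net, rule_if in rules:
        if rule_if != ifname:
            continue
        if client in net:
            allowed = True
        # A host entry equal to the interface's own IP permits no real client.
        if net.num_addresses == 1 and iface_ips.get(rule_if) == net.network_address:
            findings.append(
                f"telnet {net} {rule_if}: only permitted source is the "
                "PIX's own interface address"
            )
    return allowed, findings

if __name__ == "__main__":
    print(audit_telnet(SAMPLE_CONFIG, "10.0.0.6"))
```

A host entry for the management station alone (`telnet 10.0.0.6 255.255.255.255 inside`) also passes this check and is narrower than the /24, which lets every DHCP client on the wireless segment reach the cleartext telnet prompt.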