Solved

Pix starter and config how to - help and advice - I will learn soon thanks

Posted on 2004-10-31
222 Views
Last Modified: 2010-04-09
Hi I have just moved the Pix I hope to learn on to be part of my wireless network and I want some advice how to open it up to test the connectivity and get it connected to the internet via the wireless.

Current Setup is laptop with wireless connecting to AP - connecting to Pix inside int. connecting to DSL modem via ethernet outside int.

The DSL modem is a DHCP Server.
The AP is a DHCP client of the PIX.

Help me connect the laptop anyway via this equipment - thanks.

IANTRADING> en              
Password: ******                
IANTRADING# sh conf                  
: Saved      
:
PIX Version 6.1(2)                  
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password ouGHk7Yho3Yj78Im encrypted                                          
passwd ouGHk7Yho3Yj78Im encrypted                                
hostname IANTRADING                  
domain-name iantrading.com                          
fixup protocol ftp 21                    
fixup protocol http 80                      
fixup protocol h323 1720                        
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol sip 5060                      
fixup protocol skinny 2000                          
names    
access-list IAN permit                      
access-list IAN permit tcp any any eq 2823                                          
access-list IAN permit tcp any any eq 2824                                          
access-list IAN permit tcp any any eq www                                        
access-list IAN permit udp any any eq domain                                            
access-list IAN permit udp any any eq 9005                                          
access-list IAN permit tcp any any eq 9005                                          
access-list IAN permit tcp any any eq 8105                                          
access-list IAN permit udp any any eq 8100                                          
access-list acl_out permit icmp any any                                      
pager lines 22              
interface ethernet0 10full                          
interface ethernet1 10full                          
mtu outside 1500                
mtu inside 1500              
ip address outside dhcp setroute                              
ip address inside 10.0.0.1 255.255.255.0                                        
ip audit info action alarm                          
ip audit attack action alarm                            
pdm history enable                  
arp timeout 14400                
global (outside) 1 interface                            
nat (inside) 1 10.0.0.0 255.255.255.0 0 0  &n p;                                    
access-group acl_out in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.0.0.1 255.255.255.255 inside
telnet timeout 10
ssh timeout 5
dhcpd address 10.0.0.3-10.0.0.15 inside
dhcpd dns 212.158.192.2 212.158.192.3
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
terminal width 80
Cryptochecksum:5b0e96db47d1623abf2c2d2738b86438
IANTRADING#

cheers guys
0
Question by:halcyone
    4 Comments
     
    LVL 79

    Expert Comment

    by:lrmoore
    It looks like you have everything you need for basic connectivity.
    So, your AP gets a 10.0.0.x ip address. What IP address does your laptop get?
    What kind of AP is it? Or is it a wireless router?

    Have you looked to see what kind of IP address you're getting from the modem, if any? Could it be trying to get a 10.0.0.x address, too?

    You might want to change your telnet statement if you want to telnet to it..
    > telnet 10.0.0.1 255.255.255.255 inside  <== that's the inside interface IP, not good choice..
    Try:
       telnet 10.0.0.0 255.255.255.0 inside

    0
     

    Author Comment

    by:halcyone
    Thanks,

    AP is a US Robotics as is the DSL modem

    IP Addresses looked like this

    Laptop(static 10.0.0.6) - AP (static 10.0.0.5) ---------Pix inside Int (1) (Pix 10.0.0.1 static) --------Pix outside int (0)(DHCP client me thinks? how to check what it got?) -------DSL Modem (192.168.1.1)

    The DNS has been picked up successfully by the pix from the DSL ( I can see this in the config above).

    thnks
    0
     
    LVL 79

    Accepted Solution

    by:
    You can check the PIX's ip address with "sho interface"
    What do you get on the laptop in the IPCONIFIG for default gateway and DNS?
    Do you get 10.0.0.1 as the gateway and dns  - 212.158.192.2, 212.158.192.3 ?

    Can you ping the modem 192.168.1.1 from the laptop?

    0
     

    Author Comment

    by:halcyone
    Thanks and sorry for the delay
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
    This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
    This video Micro Tutorial is the second in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 (http://www.experts-exchange.com/articles/17490/). But the ability to create custom scanning profiles a…
    In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now