  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353

Basic setup questions for a Cisco PIX 501 6.3(5) connecting to a CableModem

Hello,

I just bought a new Cisco PIX 501 Firewall 6.3(5). My only problem is that I don't know how to configure it. I bought it so I can learn how to use it, but the Cisco PDF document is only helpful if you know what you're looking for and understand its language. Hopefully, Experts Exchange members can help me with a few questions that I have.

Diagram:  LAN -----> PIX ------> Cable Modem, no static --------> WWW.

1. How do I allow internal hosts access to the Internet?
2. How do I configure my Outside Interface to obtain an IP address? I tried setting up PPPoE, but that didn't work too well for me.
3. I don't see an IP address for the Outside Interface, why?
4. Do I need to set up NAT and PAT to allow internal hosts access to the Internet?
5. What good books or websites can I go to to learn more about configuring a Cisco PIX firewall? Note: I do have login access to Cisco's website, thanks to a company that I work for, which has a partnership with Cisco.
6. Do I need to secure my firewall or is it configured for me by default?
Asked by: Intruder_3
 
rsivanandan Commented:
Wow, that is a lot of questions in there. Just launch www.cisco.com, type in the question you have in mind and search for it.

1. First you have to put the cable modem in the bridged mode so that your PIX outside interface gets the dhcp address from ISP.

2. ip address dhcp setroute  => This will tell the pix to obtain ip address from the ISP and use ISP's default route.

3. NAT or PAT in your situation;

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

=> The commands above say that all the internal traffic that leaves from the LAN to the Internet should get NATted to the Outside Interface address (which is the public IP obtained from the ISP).

By default, your PIX allows all outbound connections but doesn't allow any inbound connections, unless you configure it specifically. Seems like you don't need any, so that should be it. If you want to allow ping (ICMP) both ways, you can do the below:

icmp permit any any  

That should be it.

Cheers,
Rajesh
 
Intruder_3 (Author) Commented:
Thanks for the info.

I did go to Cisco's website, but those examples are a little too advanced for me now. I just don't understand why my PIX is not picking up an IP address.

The modem I have is a Motorola SB5101 from EarthLink/TimeWarner. Not sure how to set it up for bridge mode. There are no settings on the modem to do that.

 
Cyclops3590 Commented:
most of it is done by default.  however, if you want to make sure after you get into global mode just type
configure factory-default
and it will reset everything.  also don't forget to use "write mem" if you change anything that you want to save.

Also for number two, Rajesh, I believe it should be
ip address outside dhcp setroute
the interface needs to be specified

When I started learning PIXes a little while ago, I personally found the Cisco Press certification books the best.  At least for me, if I want to learn something fast I always pick up the cert book.  It cuts to the chase and tells you what you want to know.  Cisco Press has a lot of books about the ASA and PIX line.  The two I found most helpful were the CCSP Cisco book covering the PIX test (2nd edition book; 3rd edition covers version 7.X) and the ASA and PIX Firewall Handbook.

Also, keep asking here.  Rajesh was a big help in pointing me in the right direction several times.
 
Cyclops3590 Commented:
Did you unplug the power on your modem, leave it for about half a minute, then plug it back in?  Cable modems sometimes need a power cycle when being swapped between devices with different MAC addresses.
 
JohnBPrice Commented:
Did you see my comment on your other question?  http://www.experts-exchange.com/Programming/Q_21800494.html

BTW, it is generally accepted practice to post one question and the other clearly marked as a pointer with only 20 pts
 
JohnBPrice Commented:
Cyclops has a good point, did you have a computer attached to your modem before the PIX?  My DSL provider requires me to call them to reset the MAC address if I change the router.
 
rsivanandan Commented:
Oh yeah, I missed the interface part from the command there :-) Thanks for catching that, Cyclops...

Cheers,
Rajesh
 
Intruder_3 (Author) Commented:
Yup, that did it, Cyclops3590.

I ran the commands "ip address outside dhcp setroute" and "debug dhcp packets". I then noticed the outside interface was broadcasting for an IP address, but there was no reply from the modem. I then power cycled the modem and the PIX picked up an IP address.

Thx...  now I just need to figure out "port forwarding". I will try to handle this on my own, but if I can't, you guys/gals will be seeing another question posted soon! Thx : )
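
Added example, not part of the thread and not Cisco tooling: a short Python check over a saved PIX 6.3 configuration covering the three points the thread settled on, namely that `ip address ... dhcp setroute` names the outside interface, that every `nat` ID has a `global` with the same ID, and that any `icmp permit any` line is surfaced for review. The finding labels and both sample configurations are constructed for illustration.

```python
import re

# Matches "nat (inside) 1 0.0.0.0 0.0.0.0" and "global (outside) 1 interface".
NAT_RE = re.compile(r"^(nat|global) \((\S+)\) (\d+) (.+)$")

# Constructed samples built from the commands quoted in this thread.
FIRST_TRY = "ip address dhcp setroute\nnat (inside) 1 0.0.0.0 0.0.0.0\n"
WORKING = (
    "ip address outside dhcp setroute\n"
    "nat (inside) 1 0.0.0.0 0.0.0.0\n"
    "global (outside) 1 interface\n"
    "icmp permit any any\n"
)

def audit(config):
    """Return a list of findings (hypothetical labels) for a PIX 6.3 config."""
    findings = []
    nat_ids, global_ids = set(), set()
    outside_dhcp = False
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if tok[:2] == ["ip", "address"] and "dhcp" in tok:
            if tok[2] == "dhcp":
                # Interface name omitted, as in the first answer's command.
                findings.append("ip-address-missing-interface: " + line)
            elif tok[2] == "outside":
                outside_dhcp = True
                if "setroute" not in tok:
                    findings.append("outside-dhcp-without-setroute")
        m = NAT_RE.match(line)
        if m:
            ids = nat_ids if m.group(1) == "nat" else global_ids
            ids.add(int(m.group(3)))
        if tok[:3] == ["icmp", "permit", "any"]:
            # Surfaced for review: ICMP permitted from any source.
            findings.append("icmp-permit-any: " + line)
    if not outside_dhcp:
        findings.append("outside-not-dhcp")
    # NAT ID 0 means "do not translate", so it needs no matching global.
    for nat_id in sorted(nat_ids - global_ids - {0}):
        findings.append(f"nat-id-{nat_id}-has-no-global")
    return findings

if __name__ == "__main__":
    for name, cfg in (("first try", FIRST_TRY), ("working", WORKING)):
        print(name, audit(cfg))
```
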