Basic setup questions for a Cisco PIX 501 6.3(5) connecting to a CableModem

Hello,

I just bought a new Cisco PIX 501 Firewall 6.3(5). My only problem is that I don't know how to configure it. I bought it so I can learn how to use it, but the Cisco PDF document is only helpful if you know what you're looking for and understand its language. Hopefully, Experts Exchange members can help me with a few questions that I have.

Diagram:  LAN -----> PIX ------> Cable Modem, no static --------> WWW.

1. How do I allow internal hosts access to the Internet?
2. How do I configure my outside interface to obtain an IP address? I tried setting up PPPoE, but that didn't work too well for me.
3. I don't see an IP address for the outside interface. Why?
4. Do I need to set up NAT and PAT to allow internal hosts access to the Internet?
5. What good books or websites can I go to in order to learn more about configuring a Cisco PIX firewall? Note: I do have login access to Cisco's website, thanks to a company that I work for, which has a partnership with Cisco.
6. Do I need to secure my firewall or is it configured for me by default?
Intruder_3 Asked:
rsivanandan Commented:
Wow, that is a lot of questions in there. Just launch www.cisco.com, type in the question you have in mind and search for it.

1. First you have to put the cable modem in the bridged mode so that your PIX outside interface gets the dhcp address from ISP.

2. ip address dhcp setroute  => This will tell the pix to obtain ip address from the ISP and use ISP's default route.

3. NAT or PAT in your situation;

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

=> The commands above say that all the internal traffic that leaves from the LAN to the Internet should get NATted to the outside interface address (which is the public IP obtained from the ISP).

By default, your PIX allows all outbound connections but doesn't allow any inbound connections unless you configure it specifically. Seems like you don't need any, so that should be it. If you want to allow ping (ICMP) both ways, you can do the below:

icmp permit any any  

That should be it.

Cheers,
Rajesh
0
Intruder_3 (Author) Commented:
Thanks for the info.

I did go to Cisco's website, but those examples are a little too advanced for me now. I just don't understand why my PIX is not picking up an IP address.

The modem I have is a Motorola SB5101 from EarthLink/TimeWarner. Not sure how to set it up for bridge mode. There are no settings on the modem to do that.

0
Cyclops3590 Commented:
most of it is done by default.  however, if you want to make sure after you get into global mode just type
configure factory-default
and it will reset everything.  also don't forget to use "write mem" if you change anything that you want to save.

Also for number two, Rajesh, I believe it should be
ip address outside dhcp setroute
the interface needs to be specified

When I started learning pixes a little while ago I personally found the cisco press certification books the best.  At least for me if I want to learn something fast I always pick up the cert book.  It cuts to the chase and tells you what you want to know.  Cisco Press has a lot of books about the ASA and PIX line.  The two I found most helpful were the CCSP cisco book covering the pix test (2nd edition book; 3rd edition covers version 7.X) and the ASA and PIX Firewall Handbook.

Also, keep asking here.  Rajesh was a big help in pointing me in the right direction several times.
0
Cyclops3590 Commented:
did you unplug the power on your modem, leave it for about half a minute, then plug it back in?  cable modems sometimes need a power cycle when being swapped between devices with different MAC addresses
0
JohnBPrice Commented:
did you see my comment on your other question?  http://www.experts-exchange.com/Programming/Q_21800494.html

BTW, it is generally accepted practice to post one question and the other clearly marked as a pointer with only 20 pts
0
JohnBPrice Commented:
Cyclops has a good point, did you have a computer attached to your modem before the PIX?  My DSL provider requires me to call them to reset the MAC address if I change the router.
0
rsivanandan Commented:
Oh yeah, I missed the interface part from the command there :-) Thnx for catching that Cyclops...

Cheers,
Rajesh
0
Intruder_3 (Author) Commented:
Yup, that did it, Cyclops3590.

I ran the commands "ip address outside dhcp setroute" and "debug dhcp packets". I then noticed the outside interface was broadcasting for an IP address, but there was no reply from the modem. I then power cycled the modem and the PIX picked up an IP address.

Thx...  now I just need to figure out "port forwarding". I will try to handle this on my own, but if I can't, you guys/gals will be seeing another question posted soon! Thx : )
0
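
Added example, not part of the thread and not Cisco's code: a small Python check that takes a saved PIX 6.3 configuration and verifies the pieces discussed above (the outside DHCP command with the interface named, a `global` for every `nat` ID) and lists any statements that open inbound access. The sample configuration is constructed, the function names are hypothetical, and the inbound patterns (`static`, `conduit`, `access-group ... in interface outside`) are PIX 6.3 commands that do not appear in the thread.

```python
import re

# Constructed PIX 6.3 configuration fragment for illustration (not from the thread).
SAMPLE_CONFIG = """\
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
"""

# Statements that open inbound (outside -> inside) access on PIX 6.3.
INBOUND_PATTERNS = (
    r"static \(\w+,outside\) ",
    r"conduit permit ",
    r"access-group \S+ in interface outside",
)

def ids(lines, pattern):
    """Collect the NAT IDs captured by `pattern` across all lines."""
    return {m.group(1) for ln in lines if (m := re.match(pattern, ln))}

def audit_pix_config(config):
    """Return a list of findings; an empty list means the basics are in place."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # 1. The outside interface must be named in the DHCP client command.
    if "ip address outside dhcp setroute" not in lines:
        findings.append("outside: 'ip address outside dhcp setroute' not found")

    # 2. Every nat ID (except 0, which exempts traffic from NAT) needs a
    #    global with the same ID, otherwise inside hosts are not translated.
    nat_ids = ids(lines, r"nat \(inside\) (\d+) ") - {"0"}
    global_ids = ids(lines, r"global \(outside\) (\d+) ")
    for nat_id in sorted(nat_ids - global_ids):
        findings.append(f"nat id {nat_id}: no matching 'global (outside) {nat_id}'")
    if not nat_ids:
        findings.append("no 'nat (inside)' rule: inside hosts are not translated")

    # 3. Report anything that permits connections initiated from outside.
    for ln in lines:
        if any(re.match(p, ln) for p in INBOUND_PATTERNS):
            findings.append(f"inbound exposure: {ln}")
    return findings

if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Rerunning the check after adding port forwarding shows exactly which lines now expose inside hosts to the Internet.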