Solved

Configuring an extra DNS on a Cisco PIX 501 Firewall..

Posted on 2006-04-14
Last Modified: 2013-11-16
Hi, I have a Cisco PIX 501 with 6.1 firmware, connected this way.

  Cisco Router <--> PIX 501 (DHCP) <--> LAN

 I'm setting up an internal DNS for the LAN on Windows 2003 (static address).  I want to set up the DHCP on the PIX to automatically propagate the correct DNS through the network.

"dhcpd dns"  already has two addresses configured for the Internet... how do I add one more for the internal network?
Question by:markps_1
8 Comments
 
LVL 8

Author Comment

by:markps_1
ID: 16458396
Another quick question is what is the point of the Router since the firewall is doing the NAT..?
 
LVL 20

Accepted Solution

by:
calvinetter earned 2000 total points
ID: 16458473
>how do I add one more for the internal network?
  Sorry, 2 is the limit on PIX, even on much newer version 6.3 or even 7.x.

>what is the point of the Router since the firewall is doing the NAT..?
  Usually it's because the router's directly connected to a T1 or other type of WAN connection that the PIX doesn't support - PIX only has ethernet interfaces.  Or in situations when you need a true router on the WAN connection (a PIX is *not* a router!).  Also, often a PIX is added later when some organization wants to "beef up security" for their Internet access.

cheers
 
LVL 8

Author Comment

by:markps_1
ID: 16458829
So, is there any harm in dumping one of the ISP's DNS and adding mine?
 
LVL 20

Expert Comment

by:calvinetter
ID: 16458880
No, shouldn't be a problem.  Though if you're setting up an internal DNS server, might as well set up both ISP's DNS servers as forwarders on your Win2003 DNS server, that way if the single ISP DNS server given out by the PIX is unavailable, your workstations & your server will still be able to resolve Internet addresses.
  Either that, or just disable DHCP on the PIX, install & set up DHCP on the Win2003 server; a Windows DHCP server will allow you to specify more than 2 DNS servers.

cheers
 
LVL 8

Author Comment

by:markps_1
ID: 16458899
I can't move the DHCP on windows. Internal decisions here.

 I've just tried to set the new "dhcpd dns" on the PIX, it won't go through...

 I've typed "configure terminal"  then  "dhcpd dns (ISP's DNS) (Internal DNS)"  and then when I type  "Show Configuration", the configuration didn't change. I've been able to change other things here and there; any clue why I can't change the DHCPD DNS? I've also tried to delete it with  "no dhcpd dns"  and it didn't do anything either.

Any clue?
 
LVL 20

Expert Comment

by:calvinetter
ID: 16458913
"show config" only shows you the saved config on the PIX.  Do "sh run" (or "write t") to display the current "running config" which will verify whether your changes were made.  When you're satisfied, make the change permanent by "wr mem".

cheers
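
The saved-versus-running distinction from the comment above, as an added example that is not part of the thread: a small Python audit that compares the `dhcpd` lines of two config dumps and checks the two-server `dhcpd dns` limit. The config text, addresses and function names are constructed for illustration.

```python
# Added example, not from the thread. Both config dumps are constructed
# sample text; 203.0.113.x stands in for the ISP's DNS servers and
# 192.168.1.10 for the internal Windows 2003 DNS server.
MAX_DHCPD_DNS = 2  # limit stated in the accepted answer

SAVED_CONFIG = """\
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 203.0.113.10 203.0.113.11
dhcpd lease 3600
dhcpd enable inside
"""

RUNNING_CONFIG = """\
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 192.168.1.10 203.0.113.10
dhcpd lease 3600
dhcpd enable inside
"""

def dhcpd_lines(config_text):
    """Return the set of 'dhcpd ...' lines, whitespace-normalised."""
    lines = (" ".join(l.split()) for l in config_text.splitlines())
    return {l for l in lines if l.startswith("dhcpd ")}

def dhcpd_dns_servers(config_text):
    """Return the addresses on the 'dhcpd dns' line, or [] if absent."""
    for line in dhcpd_lines(config_text):
        words = line.split()
        if words[:2] == ["dhcpd", "dns"]:
            return words[2:]
    return []

def unsaved_dhcpd_changes(saved_text, running_text):
    """Return (only_in_saved, only_in_running) dhcpd lines."""
    saved, running = dhcpd_lines(saved_text), dhcpd_lines(running_text)
    return sorted(saved - running), sorted(running - saved)

def audit(saved_text, running_text):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    servers = dhcpd_dns_servers(running_text)
    if len(servers) > MAX_DHCPD_DNS:
        findings.append(f"dhcpd dns lists {len(servers)} servers; limit is {MAX_DHCPD_DNS}")
    old, new = unsaved_dhcpd_changes(saved_text, running_text)
    if old or new:
        findings.append(f"running config not saved: {old} -> {new}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAVED_CONFIG, RUNNING_CONFIG):
        print(finding)
```
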
 
LVL 8

Author Comment

by:markps_1
ID: 16458926
Hey thanks for the fast responses! A+
 
LVL 20

Expert Comment

by:calvinetter
ID: 16458933
No problem!
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month17 days, 16 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question