Solved

Pix failed, please help configure cisco 2524

Posted on 2006-05-19
Last Modified: 2010-03-19
I have/had a setup similar to:

           ______________          ___________         _________
          |              |        |           |       |         |======= computer1
   T1 ====|  cisco 2500  |========|  PIX 506  |=======|   hub   |======= computer2...
          |______________|        |___________|       |_________|======= computerN

The problem is that the PIX firewall has failed/died.  Now nothing is doing the NAT or DHCP.  
I would like to assign these functions to the Cisco 2524 if this is possible.  I have the rollover cable and have succeeded in resetting the password which no one knew, using Hyperterminal and the console.
I do not know how to configure this router to act as a T1 transceiver/modem and provide NAT and DHCP to about 15 computers using the console or any other way for that matter.  Could somebody provide me with a guide, URL or whatever (an idiot guide) so that I can get things up and running until we decide on the firewall situation.  For instance what's the difference between configuring ethernet and serial and which one do I configure for IP?
I have no documentation other than the PDF available at cisco, but this does not explain the terminology you are faced with when configuring the router via the terminal emulator.
I know all the IP addresses and subnetting but can not tell whether I am entering information for the WAN or the LAN since the console provides no feedback in this regard.

Any help is greatly appreciated..

Question by:lizardqueen007
10 Comments
 
LVL 11

Accepted Solution

by:
prueconsulting earned 540 total points
ID: 16720525
It depends on the IOS version running on the router whether it's capable of providing NAT functionality or not.

If it is capable of NATting then you would just enter the command

ip nat inside on the internal interface (eth0)
ip nat outside on the external interface (serial 0 most likely)

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bac.html for an example
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 16720531
Of course I forgot... This is when in configuration mode

conf t
! WAN side (T1)
interface serial 0
ip nat outside
!
! LAN side (Ethernet0 on a 2500-series router)
interface ethernet 0
ip nat inside
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16720710
Thank you for the fast response!
Is there a way to check the IOS to see if it is capable, perhaps a list of compatibility or something?
0

 
LVL 11

Expert Comment

by:prueconsulting
ID: 16720811
One quick way is to log in to the router, do an ip ? and see if ip nat is an available option.

Issue the command and see if it says unrecognized command.

If it does then chances are you might require a firewall IOS to do the nat'ting..
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 480 total points
ID: 16720980
Capture output of
router>show version

You may not have the ability to be a DHCP server and may not have enough DRAM/flash memory to even upgrade the IOS to provide that service. You 'should' be able to do the NAT, though.

Adding to prueconsulting's example above:

router>enable
Password:
router#config term
router(config)#interface Ethernet0
router(config-if)#ip address 192.168.169.1 255.255.255.0 secondary
router(config-if)#ip nat inside
router(config-if)#exit
router(config)#access-list 1 permit 192.168.169.0 0.0.0.255
router(config)#ip nat inside source list 1 interface Serial0 overload
router(config)#interface serial0
router(config-if)#ip nat outside
router(config-if)#end
router#write mem
[OK]
router#

Then manually assign IP addresses to the workstations using 192.168.169.x / 24

You might want to reconsider and just run out to the local office supply store and buy yourself a little $50 Linksys/Dlink broadband router. It does nat and dhcp right out of the box.

0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 480 total points
ID: 16721034
First of all, here is a basic config guide:
http://www.cisco.com/en/US/products/hw/routers/ps233/products_installation_and_configuration_guide_chapter09186a008007e413.html

But in order to have a complete config guide, you need to tell us what version of IOS it's running. The output of "show version" will give you that. NAT should be supported in any version. But DHCP may not be, depending on the IOS version again.

The serial interface should not need to be touched except for adding "ip nat outside" as mentioned earlier.
The ethernet interface will need to have the correct ip address added. This should be the LAN's default gateway address, for example:
ip address 192.168.0.1 255.255.255.0
ip nat inside

It's not quite as simple to configure it for nat as prueconsulting told you. You also have to tell it what to do about NAT. Assuming that the above is your LAN addressing:

ip nat inside source list 1 interface serial0 overload
access-list 1 permit 192.168.0.0 0.0.0.255

This will take any ip on the LAN and translate it to the serial 0 address.
0
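A consistency check for the NAT overload setup described in the answers above, as an added example that is not part of the original thread: it parses a running-config excerpt and reports a missing inside or outside marking, an undefined access list, or an inside subnet the access list does not cover. The function name, the sample configs and the 203.0.113.2 address are constructed for illustration.

```python
import ipaddress
import re

def audit_nat(config):
    """Return a list of problems in an IOS NAT overload (PAT) configuration."""
    ifaces, acls, rules, cur = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        cur = cur if raw.startswith(" ") else None   # a global command ends interface scope
        if m := re.fullmatch(r"interface (\S+)", line, re.I):
            cur = ifaces.setdefault(m[1].lower(), {"nets": [], "role": None})
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)", line)):
            cur["nets"].append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif cur is not None and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            cur["role"] = m[1]
        elif m := re.fullmatch(r"access-list (\d+) permit (\S+) (\S+)", line):
            # Standard ACLs use wildcard (inverse) masks; ipaddress accepts them.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.fullmatch(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m[1], m[2].lower()))
    problems = []
    inside = [n for i in ifaces.values() if i["role"] == "inside" for n in i["nets"]]
    if not inside:
        problems.append("no addressed interface is marked 'ip nat inside'")
    if not rules:
        problems.append("no 'ip nat inside source list ... overload' rule")
    for acl, oif in rules:
        if ifaces.get(oif, {}).get("role") != "outside":
            problems.append(f"{oif} is not marked 'ip nat outside'")
        if acl not in acls:
            problems.append(f"access-list {acl} is not defined")
            continue
        for net in inside:
            if not any(net.subnet_of(a) for a in acls[acl]):
                problems.append(f"{net} is not permitted by access-list {acl}")
    return problems

# Constructed running-config excerpts (addresses are examples, not from a real device).
GOOD = """\
interface Ethernet0
 ip address 192.168.169.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
ip nat inside source list 1 interface Serial0 overload
access-list 1 permit 192.168.169.0 0.0.0.255
"""
BAD = GOOD.replace("192.168.169.0 0.0.0.255", "192.168.1.0 0.0.0.255")  # ACL misses the LAN
```

An empty list means the excerpt is internally consistent; it does not confirm that the IOS image on the router supports NAT.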
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16721057
Oops, looks like lrmoore and I said the same thing. I agree with him on the Dinky brand router as well, it will be a lot easier to work with until you get your PIX replaced. Just configure the Dinky's WAN address to talk to whatever address is on the ethernet port of the 2524 and everything else should pretty much take care of itself.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 16721065
But don't go looking in Best Buy for a brand called "Dinky" though :-)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16722054
D-Link / Linksys = Dinksys = Dinky! I like it!
<8-}
0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16747433
Thank you everyone,
I really appreciate the quick responses and I'm sure that your answers were good, but I'm glad that I did not have to put them all to the test this time. I split the points, because I was unable to test each response individually. Luckily the PIX turned out to be OK and was not the problem. The crossover cable was the problem, which I should have tested first. lrmoore: The problem with using a Linksys or D-Link is that I required a T1 adapter. FYI I realized that the lack of link light (which I did not disclose, sorry) was due to the crossover and I mistakenly jumped to the conclusion that it was the PIX malfunctioning. In an attempt to reset the password to the router, I overwrote the router and had to complete the configuration. Luckily I found a person at Qwest (very helpful) that was able to talk me through the configuration and had the necessary IP information to finish the job. I will take some personal time to work with a Cisco 2500 router and a PIX to become more familiar with the Hyperterminal interface, because for someone who has never used it, learning how to use it under fire is not fun. I will eventually have to reset the PIX password on this setup I'm afraid, since the last IT person left without documentation. Thanks again everyone.
0
