?
Solved

Pix 501 Setup Help

Posted on 2006-07-08
9
Medium Priority
?
422 Views
Last Modified: 2013-11-16
Need some advice on configuring a Pix 501 Firewall.  We are switching our internet connection from DSL to T-1 and currently have our network configured for the DSL connection through a gateway 192.168.0.254.

The T-1 goes through a Cisco D2431 8F-XS router.  

The default gateway they gave us is 68.166.254.217, subnet of 255.255.255.248.
Static IPs of 68.166.254.218-222 and  DNS servers 64.105.189.26 & 64.105.179.138.

Our network is small, 7 users running off a windows 2000 server.

Need to know how to connect and configure the firewall oth the network so our internal users can access the internet.

I have never set up a firewall before on a T-1, I am familiar with how to use the CLI however.

Any help would be greatly appreciated.

Thanks
0
Comment
Question by:Tomxls
  • 4
  • 4
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17066058
There's no difference to the firewall what the router's wan connection is.
Is this PIX already in production, or brand new?
Very basic config from command line:

interface ethernet0 auto
interface ethernet1 auto

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside

ip address outside 68.166.254.218 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0

global (outside) 10 interface
nat (inside) 10 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.166.254.217

dhcpd address 192.168.0.200-192.168.0.250 inside
dhcpd enable inside

That's it!
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17067796
The only thing I would add is inserting the "dhcpd dns" since dhcp are being hosted by the firewall.  Without this then your dhcp clients won't be able to access the internet.

Pentrix2
0
 

Author Comment

by:Tomxls
ID: 17075818
Thanks for the help.

This is a new device to connect to the T-1 router.

Does the IP address of the PIX have to be changed to 192.168.0.254 (the network default gateway).

I also have been told in the past to have my ISP disable DHCP in order to the workstations to connect to the internet, will I have to do the same with the PIX?

Will try your cofiguration and see what happens......

Thanks again!!
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
LVL 79

Expert Comment

by:lrmoore
ID: 17076695
By default, the PIX is setup to be a DHCP server and to have 192.168.1.1 as the IP address of the PIX. If your network is already 192.168.0.x and your systems are already set to use 192.168.0.254 as their default gateway then it only makes things much easier to configure the PIX to match your network.
The router should not be doing DHCP. T1 is typically set up for you to make those decisions..
0
 

Author Comment

by:Tomxls
ID: 17076903
So then I have to add a line to the above configuration to change the IP address of the PIX?

What is the command to do that?



Thanks again
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 17076926
First you have to disable the DHCP server and then you can change the IP

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside
ip address inside 192.168.0.254 255.255.255.0
0
 

Author Comment

by:Tomxls
ID: 17077024
OK that makes sense will give it a go.

Thanks so much!!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17077535
0
 

Author Comment

by:Tomxls
ID: 17121963
Was not able to program the PIX using the above configuration.  I seem to have some issues with address pools and such that does not allow me to enter the above command string.

Besides that I may have a wiring issue I am running a crossover cable from the PIX to a Linksys switch and then to the T-1 router.  Nothing else in this is connected to the switch except the router and the PIX.   My thought is that the Linksys switch may not be able to handle the data speed?

Otherwise I am kind of at a loss at this point as to how to program the PIX.

Additionally the command "interface ethernet1 auto" errors saying I have to enter "100full" is this a problem also?

Thanks.
0

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question