Solved

Pix 501 Setup Help

Posted on 2006-07-08
9
343 Views
Last Modified: 2013-11-16
Need some advice on configuring a Pix 501 Firewall.  We are switching our internet connection from DSL to T-1 and currently have our network configured for the DSL connection through a gateway 192.168.0.254.

The T-1 goes through a Cisco D2431 8F-XS router.  

The default gateway they gave us is 68.166.254.217, subnet of 255.255.255.248.
Static IPs of 68.166.254.218-222 and  DNS servers 64.105.189.26 & 64.105.179.138.

Our network is small, 7 users running off a windows 2000 server.

Need to know how to connect and configure the firewall oth the network so our internal users can access the internet.

I have never set up a firewall before on a T-1, I am familiar with how to use the CLI however.

Any help would be greatly appreciated.

Thanks
0
Comment
Question by:Tomxls
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17066058
There's no difference to the firewall what the router's wan connection is.
Is this PIX already in production, or brand new?
Very basic config from command line:

interface ethernet0 auto
interface ethernet1 auto

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside

ip address outside 68.166.254.218 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0

global (outside) 10 interface
nat (inside) 10 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.166.254.217

dhcpd address 192.168.0.200-192.168.0.250 inside
dhcpd enable inside

That's it!
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17067796
The only thing I would add is inserting the "dhcpd dns" since dhcp are being hosted by the firewall.  Without this then your dhcp clients won't be able to access the internet.

Pentrix2
0
 

Author Comment

by:Tomxls
ID: 17075818
Thanks for the help.

This is a new device to connect to the T-1 router.

Does the IP address of the PIX have to be changed to 192.168.0.254 (the network default gateway).

I also have been told in the past to have my ISP disable DHCP in order to the workstations to connect to the internet, will I have to do the same with the PIX?

Will try your cofiguration and see what happens......

Thanks again!!
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 79

Expert Comment

by:lrmoore
ID: 17076695
By default, the PIX is setup to be a DHCP server and to have 192.168.1.1 as the IP address of the PIX. If your network is already 192.168.0.x and your systems are already set to use 192.168.0.254 as their default gateway then it only makes things much easier to configure the PIX to match your network.
The router should not be doing DHCP. T1 is typically set up for you to make those decisions..
0
 

Author Comment

by:Tomxls
ID: 17076903
So then I have to add a line to the above configuration to change the IP address of the PIX?

What is the command to do that?



Thanks again
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17076926
First you have to disable the DHCP server and then you can change the IP

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside
ip address inside 192.168.0.254 255.255.255.0
0
 

Author Comment

by:Tomxls
ID: 17077024
OK that makes sense will give it a go.

Thanks so much!!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17077535
0
 

Author Comment

by:Tomxls
ID: 17121963
Was not able to program the PIX using the above configuration.  I seem to have some issues with address pools and such that does not allow me to enter the above command string.

Besides that I may have a wiring issue I am running a crossover cable from the PIX to a Linksys switch and then to the T-1 router.  Nothing else in this is connected to the switch except the router and the PIX.   My thought is that the Linksys switch may not be able to handle the data speed?

Otherwise I am kind of at a loss at this point as to how to program the PIX.

Additionally the command "interface ethernet1 auto" errors saying I have to enter "100full" is this a problem also?

Thanks.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question