Solved

Pix 501 Setup Help

Posted on 2006-07-08
9
338 Views
Last Modified: 2013-11-16
Need some advice on configuring a Pix 501 Firewall.  We are switching our internet connection from DSL to T-1 and currently have our network configured for the DSL connection through a gateway 192.168.0.254.

The T-1 goes through a Cisco D2431 8F-XS router.  

The default gateway they gave us is 68.166.254.217, subnet of 255.255.255.248.
Static IPs of 68.166.254.218-222 and  DNS servers 64.105.189.26 & 64.105.179.138.

Our network is small, 7 users running off a windows 2000 server.

Need to know how to connect and configure the firewall oth the network so our internal users can access the internet.

I have never set up a firewall before on a T-1, I am familiar with how to use the CLI however.

Any help would be greatly appreciated.

Thanks
0
Comment
Question by:Tomxls
  • 4
  • 4
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17066058
There's no difference to the firewall what the router's wan connection is.
Is this PIX already in production, or brand new?
Very basic config from command line:

interface ethernet0 auto
interface ethernet1 auto

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside

ip address outside 68.166.254.218 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0

global (outside) 10 interface
nat (inside) 10 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.166.254.217

dhcpd address 192.168.0.200-192.168.0.250 inside
dhcpd enable inside

That's it!
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17067796
The only thing I would add is inserting the "dhcpd dns" since dhcp are being hosted by the firewall.  Without this then your dhcp clients won't be able to access the internet.

Pentrix2
0
 

Author Comment

by:Tomxls
ID: 17075818
Thanks for the help.

This is a new device to connect to the T-1 router.

Does the IP address of the PIX have to be changed to 192.168.0.254 (the network default gateway).

I also have been told in the past to have my ISP disable DHCP in order to the workstations to connect to the internet, will I have to do the same with the PIX?

Will try your cofiguration and see what happens......

Thanks again!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17076695
By default, the PIX is setup to be a DHCP server and to have 192.168.1.1 as the IP address of the PIX. If your network is already 192.168.0.x and your systems are already set to use 192.168.0.254 as their default gateway then it only makes things much easier to configure the PIX to match your network.
The router should not be doing DHCP. T1 is typically set up for you to make those decisions..
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Tomxls
ID: 17076903
So then I have to add a line to the above configuration to change the IP address of the PIX?

What is the command to do that?



Thanks again
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17076926
First you have to disable the DHCP server and then you can change the IP

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside
ip address inside 192.168.0.254 255.255.255.0
0
 

Author Comment

by:Tomxls
ID: 17077024
OK that makes sense will give it a go.

Thanks so much!!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17077535
0
 

Author Comment

by:Tomxls
ID: 17121963
Was not able to program the PIX using the above configuration.  I seem to have some issues with address pools and such that does not allow me to enter the above command string.

Besides that I may have a wiring issue I am running a crossover cable from the PIX to a Linksys switch and then to the T-1 router.  Nothing else in this is connected to the switch except the router and the PIX.   My thought is that the Linksys switch may not be able to handle the data speed?

Otherwise I am kind of at a loss at this point as to how to program the PIX.

Additionally the command "interface ethernet1 auto" errors saying I have to enter "100full" is this a problem also?

Thanks.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now