[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 352
  • Last Modified:

Pix 501 Setup Help

Need some advice on configuring a Pix 501 Firewall.  We are switching our internet connection from DSL to T-1 and currently have our network configured for the DSL connection through a gateway 192.168.0.254.

The T-1 goes through a Cisco D2431 8F-XS router.  

The default gateway they gave us is 68.166.254.217, subnet of 255.255.255.248.
Static IPs of 68.166.254.218-222 and  DNS servers 64.105.189.26 & 64.105.179.138.

Our network is small, 7 users running off a windows 2000 server.

Need to know how to connect and configure the firewall oth the network so our internal users can access the internet.

I have never set up a firewall before on a T-1, I am familiar with how to use the CLI however.

Any help would be greatly appreciated.

Thanks
0
Tomxls
Asked:
Tomxls
  • 4
  • 4
1 Solution
 
lrmooreCommented:
There's no difference to the firewall what the router's wan connection is.
Is this PIX already in production, or brand new?
Very basic config from command line:

interface ethernet0 auto
interface ethernet1 auto

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside

ip address outside 68.166.254.218 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0

global (outside) 10 interface
nat (inside) 10 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.166.254.217

dhcpd address 192.168.0.200-192.168.0.250 inside
dhcpd enable inside

That's it!
0
 
Pentrix2Commented:
The only thing I would add is inserting the "dhcpd dns" since dhcp are being hosted by the firewall.  Without this then your dhcp clients won't be able to access the internet.

Pentrix2
0
 
TomxlsAuthor Commented:
Thanks for the help.

This is a new device to connect to the T-1 router.

Does the IP address of the PIX have to be changed to 192.168.0.254 (the network default gateway).

I also have been told in the past to have my ISP disable DHCP in order to the workstations to connect to the internet, will I have to do the same with the PIX?

Will try your cofiguration and see what happens......

Thanks again!!
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
lrmooreCommented:
By default, the PIX is setup to be a DHCP server and to have 192.168.1.1 as the IP address of the PIX. If your network is already 192.168.0.x and your systems are already set to use 192.168.0.254 as their default gateway then it only makes things much easier to configure the PIX to match your network.
The router should not be doing DHCP. T1 is typically set up for you to make those decisions..
0
 
TomxlsAuthor Commented:
So then I have to add a line to the above configuration to change the IP address of the PIX?

What is the command to do that?



Thanks again
0
 
lrmooreCommented:
First you have to disable the DHCP server and then you can change the IP

no dhcpd enable inside
no dhcpd adress 192.168.1.2-192.168.1.254 inside
ip address inside 192.168.0.254 255.255.255.0
0
 
TomxlsAuthor Commented:
OK that makes sense will give it a go.

Thanks so much!!!
0
 
lrmooreCommented:
0
 
TomxlsAuthor Commented:
Was not able to program the PIX using the above configuration.  I seem to have some issues with address pools and such that does not allow me to enter the above command string.

Besides that I may have a wiring issue I am running a crossover cable from the PIX to a Linksys switch and then to the T-1 router.  Nothing else in this is connected to the switch except the router and the PIX.   My thought is that the Linksys switch may not be able to handle the data speed?

Otherwise I am kind of at a loss at this point as to how to program the PIX.

Additionally the command "interface ethernet1 auto" errors saying I have to enter "100full" is this a problem also?

Thanks.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now