Solved

Pix 501 Setup Help

Posted on 2006-07-08
Last Modified: 2013-11-16
Need some advice on configuring a Pix 501 Firewall.  We are switching our internet connection from DSL to T-1 and currently have our network configured for the DSL connection through a gateway 192.168.0.254.

The T-1 goes through a Cisco D2431 8F-XS router.  

The default gateway they gave us is 68.166.254.217, subnet of 255.255.255.248.
Static IPs of 68.166.254.218-222 and  DNS servers 64.105.189.26 & 64.105.179.138.

Our network is small, 7 users running off a Windows 2000 server.

Need to know how to connect and configure the firewall to the network so our internal users can access the internet.

I have never set up a firewall before on a T-1; I am familiar with how to use the CLI, however.

Any help would be greatly appreciated.

Thanks
Question by:Tomxls
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17066058
There's no difference to the firewall what the router's wan connection is.
Is this PIX already in production, or brand new?
Very basic config from command line:

interface ethernet0 auto
interface ethernet1 auto

no dhcpd enable inside
no dhcpd address 192.168.1.2-192.168.1.254 inside

ip address outside 68.166.254.218 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0

global (outside) 10 interface
nat (inside) 10 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.166.254.217

dhcpd address 192.168.0.200-192.168.0.250 inside
dhcpd enable inside

That's it!
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17067796
The only thing I would add is inserting the "dhcpd dns" command, since DHCP is being hosted by the firewall. Without this, your DHCP clients won't be able to access the internet.

Pentrix2
0
 

Author Comment

by:Tomxls
ID: 17075818
Thanks for the help.

This is a new device to connect to the T-1 router.

Does the IP address of the PIX have to be changed to 192.168.0.254 (the network default gateway)?

I also have been told in the past to have my ISP disable DHCP in order for the workstations to connect to the internet. Will I have to do the same with the PIX?

Will try your configuration and see what happens...

Thanks again!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17076695
By default, the PIX is set up to be a DHCP server and to have 192.168.1.1 as the IP address of the PIX. If your network is already 192.168.0.x and your systems are already set to use 192.168.0.254 as their default gateway, then it only makes things much easier to configure the PIX to match your network.
The router should not be doing DHCP. T1 is typically set up for you to make those decisions.
0
 

Author Comment

by:Tomxls
ID: 17076903
So then I have to add a line to the above configuration to change the IP address of the PIX?

What is the command to do that?



Thanks again
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17076926
First you have to disable the DHCP server and then you can change the IP

no dhcpd enable inside
no dhcpd address 192.168.1.2-192.168.1.254 inside
ip address inside 192.168.0.254 255.255.255.0
0
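
A consistency check for the addressing discussed in this thread, added here as an example and not part of any poster's reply. It parses the PIX 6.x lines quoted above (static addressing assumed) and flags a default route off the outside subnet, a DHCP pool that does not fit the inside interface, a nat id without a global, and DHCP enabled without DNS servers; the function name `audit` is hypothetical.

```python
import ipaddress

# Lines posted in this thread (PIX 6.x syntax); static addressing is assumed.
SAMPLE = """\
ip address outside 68.166.254.218 255.255.255.248
ip address inside 192.168.0.254 255.255.255.0
global (outside) 10 interface
nat (inside) 10 192.168.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.166.254.217
dhcpd address 192.168.0.200-192.168.0.250 inside
dhcpd enable inside
"""

def audit(config):
    """Return a list of addressing problems in a PIX 6.x config (hypothetical helper)."""
    lines = [l.split() for l in config.splitlines()]
    lines = [w for w in lines if w and w[0] != "no"]   # skip blanks and negations
    ifaces, nat_ids, global_ids, problems = {}, set(), set(), []
    for w in lines:                                    # pass 1: collect state
        if w[:2] == ["ip", "address"]:
            ifaces[w[2]] = ipaddress.ip_interface(f"{w[3]}/{w[4]}")
        elif w[0] == "nat":
            nat_ids.add(w[2])
        elif w[0] == "global":
            global_ids.add(w[2])
    for w in lines:                                    # pass 2: cross-checks
        if w[0] == "route" and w[1] in ifaces:
            if ipaddress.ip_address(w[4]) not in ifaces[w[1]].network:
                problems.append(f"gateway {w[4]} is not on the {w[1]} subnet")
        elif w[:2] == ["dhcpd", "address"] and w[3] in ifaces:
            lo, hi = (ipaddress.ip_address(a) for a in w[2].split("-"))
            iface = ifaces[w[3]]
            if lo not in iface.network or hi not in iface.network:
                problems.append(f"dhcpd pool {w[2]} is outside the {w[3]} subnet")
            elif lo <= iface.ip <= hi:
                problems.append(f"dhcpd pool {w[2]} contains the {w[3]} address")
    # nat id 0 is NAT exemption and needs no global statement
    for nid in sorted(nat_ids - global_ids - {"0"}):
        problems.append(f"nat id {nid} has no matching global")
    enabled = any(w[:2] == ["dhcpd", "enable"] for w in lines)
    if enabled and not any(w[:2] == ["dhcpd", "dns"] for w in lines):
        problems.append("dhcpd is enabled but no dhcpd dns servers are set")
    return problems

if __name__ == "__main__":
    for p in audit(SAMPLE):
        print("WARN:", p)
```
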
 

Author Comment

by:Tomxls
ID: 17077024
OK that makes sense will give it a go.

Thanks so much!!!
0
 
 

Author Comment

by:Tomxls
ID: 17121963
Was not able to program the PIX using the above configuration.  I seem to have some issues with address pools and such that do not allow me to enter the above command string.

Besides that, I may have a wiring issue. I am running a crossover cable from the PIX to a Linksys switch and then to the T-1 router.  Nothing else is connected to the switch except the router and the PIX.   My thought is that the Linksys switch may not be able to handle the data speed?

Otherwise I am kind of at a loss at this point as to how to program the PIX.

Additionally, the command "interface ethernet1 auto" errors, saying I have to enter "100full". Is this a problem also?

Thanks.
0
