Solved

Pix501 Static configuration for my DSL DHCP service

Posted on 2006-11-06
Last Modified: 2010-04-09
I have a PIX 501 Firewall with the factory default configuration loaded. I connected it to my DSL modem and I can get on the internet without any problems. My DSL service uses DHCP.  I'll be running a web server and would like to assign my server a static IP address (i.e. 192.168.1.10 with the subnet 255.255.255.0 with default gateway 192.168.1.1).  Can someone please walk me through the process?

Thanks
Question by:twumasisarfo
Accepted Solution

by:
batry_boy earned 250 total points
ID: 17912126
First, it would help if you would post your existing PIX configuration.  Just take out any sensitive data first before posting.

Without this info, here's a stab at how you would do this:

First, if you're wanting to set up a web server for Internet users to access, you should probably get a static public IP address from your DSL service provider (if you haven't already!).  In this manner, your web site would always be accessible via the same IP address.

Next, let's assume that your DSL provider has given you the static IP address of 1.1.1.1 to use on your PIX outside interface.  The PIX is still configured to use DHCP, but the DSL provider has programmed their side to always give you the 1.1.1.1 address when your PIX performs a DHCP request.

Next, we also assume that you only have the one static IP address to use for both the PIX outside interface AND to use to direct incoming web traffic to your web server.

Finally, here are the commands to implement this to allow both regular unencrypted web traffic (http) and encrypted web traffic (https) inbound to the web server, given that the internal IP address of the web server is 192.168.1.10.  We have to use port redirection to redirect TCP 80 and 443 (http and https) traffic inbound to the web server since you only have the one public IP address.

static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
access-list acl_in permit tcp any host 1.1.1.1 eq www
access-list acl_in permit tcp any host 1.1.1.1 eq https
access-group acl_in in interface outside

The first two static commands perform the port redirection for http and https traffic.  Next, the two access-list commands allow that same traffic inbound from anywhere on the Internet.  Finally, the access-group command applies that ACL to the outside interface in an inbound direction.

If you need any other specific help, you may consider posting the PIX configuration as I mentioned above.

Hope this helps!
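
Added example, not part of the original answer: a small Python check that compares the ports published by the static redirects above with what the ACL applied to the outside interface permits. The function name audit, its outside_ip parameter and the extra smtp line in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the five commands from the answer above (1.1.1.1 is the
# answer's placeholder outside address) plus one deliberately stale ACL line.
SAMPLE = """\
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
access-list acl_in permit tcp any host 1.1.1.1 eq www
access-list acl_in permit tcp any host 1.1.1.1 eq https
access-list acl_in permit tcp any host 1.1.1.1 eq smtp
access-group acl_in in interface outside
"""

# Only the command shapes used in the answer are recognised; other forms are ignored.
STATIC = re.compile(r"^static \(inside,outside\) (tcp|udp) interface (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface outside")


def audit(config, outside_ip):
    """Compare published ports (static PAT) with what the outside ACL permits."""
    published, permitted, bound = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            published[(m[1], m[2])] = f"{m[3]}:{m[4]}"
        elif m := PERMIT.match(line):
            if m[3] == outside_ip:  # permits for any other address never match
                permitted.setdefault(m[1], set()).add((m[2], m[4]))
        elif m := GROUP.match(line):
            bound = m[1]
    allowed = permitted.get(bound, set())
    findings = []
    if bound is None:
        findings.append("no ACL applied inbound on the outside interface")
    for proto, port in sorted(set(published) - allowed):
        findings.append(f"{proto}/{port} redirected to {published[(proto, port)]} but not permitted")
    for proto, port in sorted(allowed - set(published)):
        findings.append(f"{proto}/{port} permitted but has no static redirect")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "1.1.1.1"):
        print(finding)
```

Passing a different outside_ip models the DHCP lease changing: both redirects are then reported as not permitted, because the ACL names 1.1.1.1 literally.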