Solved

Pix501 Static configuration for my DSL DHCP service

Posted on 2006-11-06
2
181 Views
Last Modified: 2010-04-09
I have a PIX 501 Firewall with the factory default configuration loaded. I connected it to my DSL modem and I can get on the internet without any problems. My DSL service uses DHCP.  I'll be running a web server and would like to assign my server with a static IP address (i.e. 192.168.1.10 with the subnet 255.255.255.0 with default gateway 192.168.1.1).  Can some one please walk me through the process?

Thanks
0
Comment
Question by:twumasisarfo
2 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 250 total points
ID: 17912126
First, it would help if you would post your existing PIX configuration.  Just take out any sensitive data first before posting.

Without this info, here's a stab at how you would do this:

First, if you're wanting to set up a web server for Internet users to access, you should probably get a static public IP address from your DSL service provider (if you haven't already!).  In this manner, your web site would always be accessible via the same IP address.

Next, let's assume that your DSL provider has given you the static IP address of 1.1.1.1 to use on your PIX outside interface.  The PIX is still configured to use DHCP, but the DSL provider has programmed their side to always give you the 1.1.1.1 address when you PIX performs a DHCP request.

Next, we also assume that you only have the one static IP address to use for both the PIX outside interface AND to use to direct incoming web traffic to your web server.

Finally, here are the commands to implement this to allow both regular unencrypted web traffic (http) and encrypted web traffic (https) inbound to the web server, given that the internal IP address of the web server is 192.168.1.10.  We have to use port redirection to redirect TCP 80 and 443 (http and https) traffic inbound to the web server since you only have the one public IP address.

static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
access-list acl_in permit tcp any host 1.1.1.1 eq www
access-list acl_in permit tcp any host 1.1.1.1 eq https
access-group acl_in in interface outside

The first two static commands perform the port redirection for http and https traffic.  Next, the two access-list commands allow that same traffic inbound from anywhere on the Internet.  Finally, the access-group command applies that ACL to the outside interface in an inbound direction.

If you need any other specific help, you may consider posting the PIX configuration as I mentioned above.

Hope this helps!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question