Solved

Pix501 Static configuration for my DSL DHCP service

Posted on 2006-11-06
2
178 Views
Last Modified: 2010-04-09
I have a PIX 501 Firewall with the factory default configuration loaded. I connected it to my DSL modem and I can get on the internet without any problems. My DSL service uses DHCP.  I'll be running a web server and would like to assign my server with a static IP address (i.e. 192.168.1.10 with the subnet 255.255.255.0 with default gateway 192.168.1.1).  Can some one please walk me through the process?

Thanks
0
Comment
Question by:twumasisarfo
2 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 250 total points
ID: 17912126
First, it would help if you would post your existing PIX configuration.  Just take out any sensitive data first before posting.

Without this info, here's a stab at how you would do this:

First, if you're wanting to set up a web server for Internet users to access, you should probably get a static public IP address from your DSL service provider (if you haven't already!).  In this manner, your web site would always be accessible via the same IP address.

Next, let's assume that your DSL provider has given you the static IP address of 1.1.1.1 to use on your PIX outside interface.  The PIX is still configured to use DHCP, but the DSL provider has programmed their side to always give you the 1.1.1.1 address when you PIX performs a DHCP request.

Next, we also assume that you only have the one static IP address to use for both the PIX outside interface AND to use to direct incoming web traffic to your web server.

Finally, here are the commands to implement this to allow both regular unencrypted web traffic (http) and encrypted web traffic (https) inbound to the web server, given that the internal IP address of the web server is 192.168.1.10.  We have to use port redirection to redirect TCP 80 and 443 (http and https) traffic inbound to the web server since you only have the one public IP address.

static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.10 https netmask 255.255.255.255
access-list acl_in permit tcp any host 1.1.1.1 eq www
access-list acl_in permit tcp any host 1.1.1.1 eq https
access-group acl_in in interface outside

The first two static commands perform the port redirection for http and https traffic.  Next, the two access-list commands allow that same traffic inbound from anywhere on the Internet.  Finally, the access-group command applies that ACL to the outside interface in an inbound direction.

If you need any other specific help, you may consider posting the PIX configuration as I mentioned above.

Hope this helps!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Firewall Dropping Allowed Packets 7 185
Questions on windows ports 13 75
Checkpoint Endpoint Managment 3 65
Videos Blocked on espn.com 7 142
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now