Solved

How to configure a PIX 501

Posted on 2007-03-19
7
445 Views
Last Modified: 2010-04-09
I have a PIX 501 that I was told was set back to default configuration. I want to set it up to use as my local firewall. It dosn't have the DHCP server enabled and I can't seem to get the syntax correct to set it up. I also am unable to log into it thru IP even when I set the computer to the correct class C IP address to log into the PIX. I am freely able to get in thru the console port. Here is the sho conf:

Home-firewall> en                
Password:        
Home-firewall# sho conf                      
: Saved      
: Written by enable_15 at 11:09:52.754 UTC Thu Mar 15 2007                                                          
PIX Version 6.3(4)                  
interface ethernet0 auto shutdown                                
interface ethernet1 100full                          
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password 8Ry2YjIyt7RRXU24 encrypted                                          
passwd 2KFQnbNIdI.2KYOU encrypted                                
hostname Home-firewall                      
domain-name distmirr.com                        
fixup protocol dns maximum-length 512                                    
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp 5060                          
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol tftp 69                      
names    
pager lines 24              
mtu outside 1500                
mtu inside 1500              
no ip address outside                    
ip address inside 192.168.200.1 255.255.255.0                                            
ip audit info action alarm                          
ip audit attack action alarm                            
pdm history enable                  
arp timeout 14400                
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.200.106 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:3eb512d1fe8396aaa0895310893aa740
0
Comment
Question by:psd_steve
  • 4
  • 3
7 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753525
You're going to have to submit more information in order for us to give you any meaningful input.  Describe your network topology, IP addressing scheme, what type of traffic you want to allow in/out, and please do this without giving away any sensitive info about your company or environment, i.e. don't post your REAL public IP addresses, pre-shared keys, passwords, etc.
0
 

Author Comment

by:psd_steve
ID: 18753536
Sorry I was having issues when I initially sent the question. I think that should help a bit?
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 18753581
To get in through telnet, add the following lines from the command line:

telnet 192.168.200.0 255.255.255.0 inside

This will allow you to telnet to it from any host on the 192.168.200.0/24 network.  You can do the same for ssh with:

ca generate rsa key 1024
ca save all
ssh 192.168.200.0 255.255.255.0 inside

The first two lines generate an RSA key needed for ssh to work and then the last line does the same thing as the telnet command above did.

When you telnet to it, you will use the "access" password configured on the PIX.  By default it is "cisco".  Then you can go to enable by typing "enable" and submitting the enable password.  I assume you already know this since you're able to make config changes.

For DHCP, here is a list of the commands you will need to set it up:

dhcpd address 192.168.200.50-192.168.200.70 inside
dhcpd dns 192.168.200.100
dhcpd wins 192.168.200.100
dhcpd domain whatever.com
dhcpd enable inside

This will set your DHCP scope to give out 192.168.200.50-70 for hosts on the inside interface and will set the DNS and WINS servers to 192.168.200.100.  The next command sets the client's DNS domain name.  The last command turns it on on the inside interface.

Hope this helps...
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 28

Expert Comment

by:batry_boy
ID: 18753587
I forgot to add a link that will show you the entire syntax of the "dhcpd" command:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1025497

0
 

Author Comment

by:psd_steve
ID: 18753602
This looks like what I need. I am trying to get it up now as soon as I do the points and my gratitude are yours.
0
 

Author Comment

by:psd_steve
ID: 18753679
Excellent! Thank you very much. I greatly appreciate it

Home-firewall(config)# sho dhcpd stat

Address pools        1
Automatic bindings   1
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         3
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            3
DHCPACK              1
DHCPNAK              0
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753688
You're welcome...good luck with it!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now