Solved

How to configure a PIX 501

Posted on 2007-03-19
7
447 Views
Last Modified: 2010-04-09
I have a PIX 501 that I was told was set back to default configuration. I want to set it up to use as my local firewall. It doesn't have the DHCP server enabled and I can't seem to get the syntax correct to set it up. I am also unable to log into it through IP even when I set the computer to the correct class C IP address to log into the PIX. I am freely able to get in through the console port. Here is the sho conf:

Home-firewall> en
Password:
Home-firewall# sho conf
: Saved
: Written by enable_15 at 11:09:52.754 UTC Thu Mar 15 2007
PIX Version 6.3(4)
interface ethernet0 auto shutdown
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Home-firewall
domain-name distmirr.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
no ip address outside
ip address inside 192.168.200.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.200.106 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:3eb512d1fe8396aaa0895310893aa740
0
Question by:psd_steve
7 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753525
You're going to have to submit more information in order for us to give you any meaningful input.  Describe your network topology, IP addressing scheme, what type of traffic you want to allow in/out, and please do this without giving away any sensitive info about your company or environment, i.e. don't post your REAL public IP addresses, pre-shared keys, passwords, etc.
0
 

Author Comment

by:psd_steve
ID: 18753536
Sorry I was having issues when I initially sent the question. I think that should help a bit?
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 18753581
To get in through telnet, add the following lines from the command line:

telnet 192.168.200.0 255.255.255.0 inside

This will allow you to telnet to it from any host on the 192.168.200.0/24 network.  You can do the same for ssh with:

ca generate rsa key 1024
ca save all
ssh 192.168.200.0 255.255.255.0 inside

The first two lines generate an RSA key needed for ssh to work and then the last line does the same thing as the telnet command above did.

When you telnet to it, you will use the "access" password configured on the PIX.  By default it is "cisco".  Then you can go to enable by typing "enable" and submitting the enable password.  I assume you already know this since you're able to make config changes.

For DHCP, here is a list of the commands you will need to set it up:

dhcpd address 192.168.200.50-192.168.200.70 inside
dhcpd dns 192.168.200.100
dhcpd wins 192.168.200.100
dhcpd domain whatever.com
dhcpd enable inside

This will set your DHCP scope to give out 192.168.200.50-70 for hosts on the inside interface and will set the DNS and WINS servers to 192.168.200.100.  The next command sets the client's DNS domain name.  The last command turns it on on the inside interface.

Hope this helps...
0
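As an added illustration that is not part of the answer above (my own code, not the poster's or Cisco's), the script below parses a PIX 6.3 style `show config` text and checks the accepted answer's telnet/ssh/dhcpd lines against the inside interface's subnet, flagging a management-access line scoped outside it, a DHCP pool that does not sit in it, a pool that was defined but never enabled, and the clear-text telnet and default SNMP community that the original config still carries. The sample config is constructed from the poster's output plus the answer's commands; it assumes the answer's lines were entered exactly as given.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the poster's "sho conf" plus the
# accepted answer's telnet/ssh/dhcpd commands, as if they had been applied.
SAMPLE_CONFIG = """\
nameif ethernet1 inside security100
ip address inside 192.168.200.1 255.255.255.0
http 192.168.200.106 255.255.255.255 inside
snmp-server community public
telnet 192.168.200.0 255.255.255.0 inside
ssh 192.168.200.0 255.255.255.0 inside
dhcpd address 192.168.200.50-192.168.200.70 inside
dhcpd dns 192.168.200.100
dhcpd enable inside
"""

def inside_network(cfg):
    """Return the inside subnet from the 'ip address inside A M' line."""
    m = re.search(r"^ip address inside (\S+) (\S+)$", cfg, re.M)
    # strict=False lets the interface host address stand in for its network
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)

def audit(cfg):
    """Check management-access lines and the DHCP pool against the inside subnet."""
    net = inside_network(cfg)
    findings = []
    # Management access lines have the form: <proto> <addr> <mask> <ifname>
    for proto, addr, mask, ifn in re.findall(
            r"^(telnet|ssh|http) (\S+) (\S+) (\S+)$", cfg, re.M):
        allowed = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if ifn != "inside":
            findings.append(f"{proto}: access permitted on {ifn} interface")
        elif not allowed.subnet_of(net):
            findings.append(f"{proto}: {allowed} is not within inside {net}")
        if proto == "telnet":
            findings.append("telnet: clear-text management; prefer ssh")
    # DHCP pool: both ends of the range must sit inside the inside subnet
    m = re.search(r"^dhcpd address (\S+)-(\S+) inside$", cfg, re.M)
    if m:
        lo, hi = (ipaddress.ip_address(x) for x in m.groups())
        if lo not in net or hi not in net or lo > hi:
            findings.append(f"dhcpd: pool {lo}-{hi} not within {net}")
        if re.search(r"^dhcpd enable inside$", cfg, re.M) is None:
            findings.append("dhcpd: pool defined but not enabled on inside")
    if re.search(r"^snmp-server community public$", cfg, re.M):
        findings.append("snmp: default community 'public' still configured")
    return findings
```

Run `audit(open("show-config.txt").read())` against a saved `show config` to repeat the check on a real box; for the constructed sample it reports only the telnet and SNMP findings.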
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753587
I forgot to add a link that will show you the entire syntax of the "dhcpd" command:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1025497

0
 

Author Comment

by:psd_steve
ID: 18753602
This looks like what I need. I am trying to get it up now; as soon as I do, the points and my gratitude are yours.
0
 

Author Comment

by:psd_steve
ID: 18753679
Excellent! Thank you very much. I greatly appreciate it.

Home-firewall(config)# sho dhcpd stat

Address pools        1
Automatic bindings   1
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         3
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            3
DHCPACK              1
DHCPNAK              0
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753688
You're welcome...good luck with it!
0
