Solved

How to configure a PIX 501

Posted on 2007-03-19
7
451 Views
Last Modified: 2010-04-09
I have a PIX 501 that I was told was set back to default configuration. I want to set it up to use as my local firewall. It doesn't have the DHCP server enabled and I can't seem to get the syntax correct to set it up. I also am unable to log into it through IP even when I set the computer to the correct class C IP address to log into the PIX. I am freely able to get in through the console port. Here is the sho conf:

Home-firewall> en
Password:
Home-firewall# sho conf
: Saved
: Written by enable_15 at 11:09:52.754 UTC Thu Mar 15 2007
PIX Version 6.3(4)
interface ethernet0 auto shutdown
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Home-firewall
domain-name distmirr.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
no ip address outside
ip address inside 192.168.200.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.200.106 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:3eb512d1fe8396aaa0895310893aa740
0
Comment
Question by:psd_steve
7 Comments
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753525
You're going to have to submit more information in order for us to give you any meaningful input.  Describe your network topology, IP addressing scheme, what type of traffic you want to allow in/out, and please do this without giving away any sensitive info about your company or environment, i.e. don't post your REAL public IP addresses, pre-shared keys, passwords, etc.
0
 

Author Comment

by:psd_steve
ID: 18753536
Sorry, I was having issues when I initially sent the question. I think that should help a bit?
0
 
LVL 28

Accepted Solution

by:
batry_boy earned 500 total points
ID: 18753581
To get in through telnet, add the following lines from the command line:

telnet 192.168.200.0 255.255.255.0 inside

This will allow you to telnet to it from any host on the 192.168.200.0/24 network.  You can do the same for ssh with:

ca generate rsa key 1024
ca save all
ssh 192.168.200.0 255.255.255.0 inside

The first two lines generate an RSA key needed for ssh to work and then the last line does the same thing as the telnet command above did.

When you telnet to it, you will use the "access" password configured on the PIX.  By default it is "cisco".  Then you can go to enable by typing "enable" and submitting the enable password.  I assume you already know this since you're able to make config changes.

For DHCP, here is a list of the commands you will need to set it up:

dhcpd address 192.168.200.50-192.168.200.70 inside
dhcpd dns 192.168.200.100
dhcpd wins 192.168.200.100
dhcpd domain whatever.com
dhcpd enable inside

This will set your DHCP scope to give out 192.168.200.50-70 for hosts on the inside interface and will set the DNS and WINS servers to 192.168.200.100.  The next command sets the client's DNS domain name.  The last command turns it on on the inside interface.

Hope this helps...
0
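An added example (not batry_boy's or Cisco's code): a small Python checker that parses the PIX 6.3 statements used in this answer (the inside interface address, the telnet/ssh/http management ACLs, the dhcpd pool and the snmp community) and reports the things worth verifying before saving the config: that management access is limited to the inside subnet, that the DHCP pool sits inside that subnet and does not hand out the firewall's own address, and that the default "public" SNMP community is still in place. The sample config string is constructed from the question and the answer above.

```python
import ipaddress

# Constructed sample: the interface line from the question plus the management
# and DHCP lines the accepted answer adds, with the SNMP default left as it was.
SAMPLE_CONFIG = """
ip address inside 192.168.200.1 255.255.255.0
telnet 192.168.200.0 255.255.255.0 inside
ssh 192.168.200.0 255.255.255.0 inside
http 192.168.200.106 255.255.255.255 inside
snmp-server community public
dhcpd address 192.168.200.50-192.168.200.70 inside
dhcpd enable inside
"""

def parse_pix(config):
    """Pick out the PIX 6.3 statements the audit needs; other lines are ignored."""
    ifaces, mgmt, pools, snmp = {}, [], [], []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["ip", "address"] and len(t) == 5:
            ifaces[t[2]] = ipaddress.ip_interface(f"{t[3]}/{t[4]}")
        elif t and t[0] in ("telnet", "ssh", "http") and len(t) == 4:
            mgmt.append((t[0], ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False), t[3]))
        elif t[:2] == ["dhcpd", "address"] and len(t) == 4:
            lo, hi = (ipaddress.ip_address(a) for a in t[2].split("-"))
            pools.append((lo, hi, t[3]))
        elif t[:2] == ["snmp-server", "community"] and len(t) == 3:
            snmp.append(t[2])
    return ifaces, mgmt, pools, snmp

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    ifaces, mgmt, pools, snmp = parse_pix(config)
    findings = []
    for proto, net, ifname in mgmt:
        iface = ifaces.get(ifname)
        if ifname != "inside":
            findings.append(f"{proto} management exposed on {ifname}")
        elif iface and not net.subnet_of(iface.network):
            findings.append(f"{proto} ACL {net} is wider than the {ifname} subnet")
    if any(p == "telnet" for p, _, _ in mgmt):
        findings.append("telnet management is cleartext; prefer the ssh statement")
    for lo, hi, ifname in pools:
        iface = ifaces.get(ifname)
        if iface is None or lo > hi or lo not in iface.network or hi not in iface.network:
            findings.append(f"dhcpd pool {lo}-{hi} is not within the {ifname} subnet")
        elif lo <= iface.ip <= hi:
            findings.append(f"dhcpd pool {lo}-{hi} contains the {ifname} interface address")
    for community in snmp:
        if community.lower() in ("public", "private"):
            findings.append(f"snmp community '{community}' is a well-known default")
    return findings
```

Run `audit(SAMPLE_CONFIG)` against your own "sho conf" output to see which of these checks still fire after applying the commands above.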
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753587
I forgot to add a link that will show you the entire syntax of the "dhcpd" command:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#wp1025497

0
 

Author Comment

by:psd_steve
ID: 18753602
This looks like what I need. I am trying to get it up now; as soon as I do, the points and my gratitude are yours.
0
 

Author Comment

by:psd_steve
ID: 18753679
Excellent! Thank you very much. I greatly appreciate it.

Home-firewall(config)# sho dhcpd stat

Address pools        1
Automatic bindings   1
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         3
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            3
DHCPACK              1
DHCPNAK              0
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 18753688
You're welcome...good luck with it!
0
