• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 460
  • Last Modified:

How to configure a PIX 501

I have a PIX 501 that I was told was set back to default configuration. I want to set it up to use as my local firewall. It dosn't have the DHCP server enabled and I can't seem to get the syntax correct to set it up. I also am unable to log into it thru IP even when I set the computer to the correct class C IP address to log into the PIX. I am freely able to get in thru the console port. Here is the sho conf:

Home-firewall> en                
Home-firewall# sho conf                      
: Saved      
: Written by enable_15 at 11:09:52.754 UTC Thu Mar 15 2007                                                          
PIX Version 6.3(4)                  
interface ethernet0 auto shutdown                                
interface ethernet1 100full                          
nameif ethernet0 outside security0                                  
nameif ethernet1 inside security100                                  
enable password 8Ry2YjIyt7RRXU24 encrypted                                          
passwd 2KFQnbNIdI.2KYOU encrypted                                
hostname Home-firewall                      
domain-name distmirr.com                        
fixup protocol dns maximum-length 512                                    
fixup protocol ftp 21                    
fixup protocol h323 h225 1720                            
fixup protocol h323 ras 1718-1719                                
fixup protocol http 80                      
fixup protocol rsh 514                      
fixup protocol rtsp 554                      
fixup protocol sip 5060                      
fixup protocol sip udp 5060                          
fixup protocol skinny 2000                          
fixup protocol smtp 25                      
fixup protocol sqlnet 1521                          
fixup protocol tftp 69                      
pager lines 24              
mtu outside 1500                
mtu inside 1500              
no ip address outside                    
ip address inside                                            
ip audit info action alarm                          
ip audit attack action alarm                            
pdm history enable                  
arp timeout 14400                
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
  • 4
  • 3
1 Solution
You're going to have to submit more information in order for us to give you any meaningful input.  Describe your network topology, IP addressing scheme, what type of traffic you want to allow in/out, and please do this without giving away any sensitive info about your company or environment, i.e. don't post your REAL public IP addresses, pre-shared keys, passwords, etc.
psd_steveAuthor Commented:
Sorry I was having issues when I initially sent the question. I think that should help a bit?
To get in through telnet, add the following lines from the command line:

telnet inside

This will allow you to telnet to it from any host on the network.  You can do the same for ssh with:

ca generate rsa key 1024
ca save all
ssh inside

The first two lines generate an RSA key needed for ssh to work and then the last line does the same thing as the telnet command above did.

When you telnet to it, you will use the "access" password configured on the PIX.  By default it is "cisco".  Then you can go to enable by typing "enable" and submitting the enable password.  I assume you already know this since you're able to make config changes.

For DHCP, here is a list of the commands you will need to set it up:

dhcpd address inside
dhcpd dns
dhcpd wins
dhcpd domain whatever.com
dhcpd enable inside

This will set your DHCP scope to give out for hosts on the inside interface and will set the DNS and WINS servers to  The next command sets the client's DNS domain name.  The last command turns it on on the inside interface.

Hope this helps...
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

I forgot to add a link that will show you the entire syntax of the "dhcpd" command:


psd_steveAuthor Commented:
This looks like what I need. I am trying to get it up now as soon as I do the points and my gratitude are yours.
psd_steveAuthor Commented:
Excellent! Thank you very much. I greatly appreciate it

Home-firewall(config)# sho dhcpd stat

Address pools        1
Automatic bindings   1
Expired bindings     0
Malformed messages   0

Message              Received
BOOTREQUEST          0
DHCPREQUEST          1
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           0

Message              Sent
BOOTREPLY            0
DHCPOFFER            3
DHCPACK              1
DHCPNAK              0
You're welcome...good luck with it!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now