Solved

Cisco PIX501 VPN - Startup Wizard vs Manual Startup

Posted on 2007-03-21
5
309 Views
Last Modified: 2008-02-01
Hello,

I am still learning the PIX501, but I've run into a situation that I am hoping someone can help explain.

When I setup a PIX from factory default settings using PDM, if I go to Configuration -> Interfaces and set the external interface to use PPPoE (which is what I use).  A few seconds later, PDM shows the interface as active.  If I go to Tools -> Ping and I ping an external address, it doesn't work by default.  If I select "Outside" interface from the drop down list and try again, it works fine.  Even though this is the case, I cannot get online with any computers inside of the network.

If I start using a PIX from factory default and I use the Startup Wizard, setting PPPoE in there, I immediately get access to the internet from all machines inside of my network.  Also if I go to Tools -> Ping in PDM, I can ping an outside address fine without selecting the "Outside" interface specifically.

So, my question is, what is the Startup wizard doing extra that I am not.  I hate relying on a wizard as I will be responsible for maintaining these in the future.  Any thoughts or ideas that I could look into would be appreciated.  

Thanks
0
Comment
Question by:compsol1993
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 100 total points
ID: 18769070
I believe that the startup wizard configured NAT for you with the following commands:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

These are needed for outbound Internet access from your inside hosts.  Are you performing this step when you configure it the manual way?
0
 

Author Comment

by:compsol1993
ID: 18770411
Hmm, ok I will test that, to see if it is the case.

Is there anyway on the PIX to save the configuration off of the device to a file on my desktop?  I'd like to save this working configuration while experimenting, but the only option I see is saving to a TFTP server, which I do not have access to.

Thanks
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 18770436
If you can't install a TFTP server, you can use hyperterm to capture the output of show config and save it to a text file.

When manually setting for PPPoE using the PDM, did  you check the box "Obtain Default Route using PPPoE" ?
0
 

Author Comment

by:compsol1993
ID: 18771042
Yes I did check that box "Obtain Default Route using PPPoE.

Ok, I will do that.  How would I completely load that text file back to the PIX?  I assume there is a quick way, I just haven't done it before.

Thanks
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 18771106
To re-load the config:

pix#clear config all
pix#config term
pix(config)#

Now open the text config file in notepad, Edit | select all | Copy

pix(config)# <right-click, Paste to host>
watch for errors
pix(config)#write mem
pix(config)#exit
pix#

0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
using BGP Attributes 2 130
ACL deny / Permit 10 56
Samsung Tablet no Internet but does connect to WiFi 7 49
Unable to enable HWIC 2FE 2 27
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question