Solved

Cisco PIX501 VPN - Startup Wizard vs Manual Startup

Posted on 2007-03-21
Last Modified: 2008-02-01
Hello,

I am still learning the PIX501, but I've run into a situation that I am hoping someone can help explain.

When I set up a PIX from factory default settings using PDM, I go to Configuration -> Interfaces and set the external interface to use PPPoE (which is what I use). A few seconds later, PDM shows the interface as active. If I go to Tools -> Ping and ping an external address, it doesn't work by default. If I select the "Outside" interface from the drop-down list and try again, it works fine. Even though this is the case, I cannot get online with any computers inside of the network.

If I start using a PIX from factory default and I use the Startup Wizard, setting PPPoE in there, I immediately get access to the internet from all machines inside of my network.  Also if I go to Tools -> Ping in PDM, I can ping an outside address fine without selecting the "Outside" interface specifically.

So, my question is, what is the Startup Wizard doing extra that I am not? I hate relying on a wizard, as I will be responsible for maintaining these in the future. Any thoughts or ideas that I could look into would be appreciated.

Thanks
Question by:compsol1993

Accepted Solution

by:
batry_boy earned 100 total points
ID: 18769070
I believe that the startup wizard configured NAT for you with the following commands:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

These are needed for outbound Internet access from your inside hosts.  Are you performing this step when you configure it the manual way?

Author Comment

by:compsol1993
ID: 18770411
Hmm, ok I will test that, to see if it is the case.

Is there any way on the PIX to save the configuration off of the device to a file on my desktop? I'd like to save this working configuration while experimenting, but the only option I see is saving to a TFTP server, which I do not have access to.

Thanks

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 18770436
If you can't install a TFTP server, you can use hyperterm to capture the output of show config and save it to a text file.

When manually setting for PPPoE using the PDM, did you check the box "Obtain Default Route using PPPoE"?

Author Comment

by:compsol1993
ID: 18771042
Yes, I did check that box, "Obtain Default Route using PPPoE".

Ok, I will do that.  How would I completely load that text file back to the PIX?  I assume there is a quick way, I just haven't done it before.

Thanks

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 18771106
To re-load the config:

pix#clear config all
pix#config term
pix(config)#

Now open the text config file in notepad, Edit | select all | Copy

pix(config)# <right-click, Paste to host>
watch for errors
pix(config)#write mem
pix(config)#exit
pix#
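
Added example, not part of any post in this thread and not Cisco's code: a Python check that reads a PIX configuration captured to a text file (the `show config` capture suggested above) and reports whether the `nat`/`global` pair from the accepted answer is present. The sample configurations are constructed, and treating NAT id 0 as an exemption that needs no `global` is an assumption of this example.

```python
import re

# Matches PIX 6.x lines such as "nat (inside) 1 0.0.0.0 0.0.0.0"
# and "global (outside) 1 interface".
RULE = re.compile(r"^(nat|global)\s+\((\S+)\)\s+(\d+)\s+(.*)$")

def parse_nat_rules(config_text):
    """Return (nat, glob): dicts mapping NAT id -> list of (interface, rest)."""
    nat, glob = {}, {}
    for raw in config_text.splitlines():
        m = RULE.match(raw.strip())
        if not m:
            continue
        kind, ifc, nat_id, rest = m.groups()
        target = nat if kind == "nat" else glob
        target.setdefault(int(nat_id), []).append((ifc, rest.strip()))
    return nat, glob

def check_outbound_nat(config_text):
    """List problems that would stop inside hosts from being translated."""
    nat, glob = parse_nat_rules(config_text)
    problems = []
    if not any(i != 0 for i in nat):
        problems.append("no nat statement with a non-zero id")
    for nat_id in sorted(nat):
        # Assumption: id 0 is treated as NAT exemption, which needs no global.
        if nat_id != 0 and nat_id not in glob:
            problems.append(f"nat id {nat_id} has no matching global")
    for nat_id in sorted(glob):
        if nat_id not in nat:
            problems.append(f"global id {nat_id} has no matching nat")
    return problems

# Constructed sample captures (not taken from a real device).
WITHOUT_NAT = """\
interface ethernet0 auto
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
"""
WITH_NAT = WITHOUT_NAT + """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

if __name__ == "__main__":
    for name, text in (("without", WITHOUT_NAT), ("with", WITH_NAT)):
        print(name, check_outbound_nat(text) or "nat/global pair present")
```

Running it against the capture before pasting the file back into the PIX shows whether the saved copy still carries the translation rules.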
