Solved

Configuring DNS for Cisco Pix 501

Posted on 2007-03-28
9
523 Views
Last Modified: 2010-04-09
When setting up a Cisco pix 501, do I need to set the DNS server for a static outside interface? For example:
I have static outside:
6.6.6.9 255.255.255.252 6.6.6.8

static inside (no DHCPD):
1.1.1.10 255.255.255.0

I want to allow all users on the inside to web browse through this pix (enabled PAT)

So I have been told by my ISP that I should set my DNS servers to x.x.x.x & x.x.x.x - where & how should I configure those numbers? I have looked over the PDM interface, and see no place to set the DNS server addresses.
0
Comment
Question by:NTNBower
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 18811429
hi there

If the PIX is not doing dhcp for you, then you don't assign the DNS addresses on the PIX for the users benefit.  The DNS servers are required for users to browse and are defined in the dhcp pool or statically on the pcs themselves.

hth
0
 

Author Comment

by:NTNBower
ID: 18811495
Right now they have a PC with two NIC cards and Zone alarm - we are trying to replace this PC with the Pix. I will test this out and let you know what I determine.

Thanks for the rapid response.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18811702
no probs - good luck
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:NTNBower
ID: 18811719
Turns out the current set up is using WinProxy for hte users to connect. SO I would need to replace that functionality - is it possible with the PIX
0
 
LVL 19

Accepted Solution

by:
nodisco earned 500 total points
ID: 18812234
No - the PIX is not a proxy server - its quite possible that the only reason the proxy was in place in the first instance is that you didn't have a firewall (zone alarm is no substitute for a proper hardware firewall).
In order to replace the "functionality" you need to know what you are replacing.  If the PC was acting purely as an internet gateway with very basic firewalling, then the PIX will be a far better and more secure solution than what you currently had.  You need to configure the PIX to have an inside ip (the pcs default gateway) and an outside ip on the internet.  You can then nat/pat the internal hosts to public ip and allow them out.  The PIXs ASA algorithm does not allow traffic from the outside to inside by default - unless you specifically allow it.  All traffic is allowed out by default - unless you dictate otherwise, so you have a great control on what your users and public ip can do.
You also have vpn client/pptp termination, hosting, dhcp and a range of other options open to you.  If you are unsure on how to setup the PIX, go into the PDM wizard and follow the steps - or post your config (with passwords removed) and we can assist.

cheers
0
 

Author Comment

by:NTNBower
ID: 18813111
So to continue with this operation, about all they could do is replace zone alarm with the Pix, and then they would need to keep the proxy - so:

Internet >> Cisco Pix >> PC with WinProxy >> Internal network

Currently, there are only a handful of users in my network that are the ones using this connection (it is controlled). The rest are going through the default GW for the entire network. Would it be possible to use the PIX if each individual PC were configured to use the PIX for web & GW for everything else? Then we could eliminate the need for the proxy?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18813299
Yes - I would use the pix as gateway and get rid of the proxy server.  
0
 

Author Comment

by:NTNBower
ID: 18815480
I knew something was not right and would not work - just could not put my finger on it. I think we have it now and I believe I could use the PIX, but would need to:

Set on all local PC's wanting to use it:
Set PIX as GW
Set DSN for other side of GW (e.g. ISP)
and set up a Static route for the Local WAN/LAN to use the other GW

Thanks for helping me see the forest through the trees - some times it gets foggy in there!
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18819652
no probs - you have it sussed right there ^^.  cheers
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Router Security Commands. 2 67
Problems with replacment of Cisco 4510 2 40
Which will last longer in a laptop, HDD or SSD? 18 124
Cisco tacacs question 6 49
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question