Solved

Configuring DNS for Cisco Pix 501

Posted on 2007-03-28
9
527 Views
Last Modified: 2010-04-09
When setting up a Cisco pix 501, do I need to set the DNS server for a static outside interface? For example:
I have static outside:
6.6.6.9 255.255.255.252 6.6.6.8

static inside (no DHCPD):
1.1.1.10 255.255.255.0

I want to allow all users on the inside to web browse through this pix (enabled PAT)

So I have been told by my ISP that I should set my DNS servers to x.x.x.x & x.x.x.x - where & how should I configure those numbers? I have looked over the PDM interface, and see no place to set the DNS server addresses.
0
Comment
Question by:NTNBower
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 18811429
hi there

If the PIX is not doing dhcp for you, then you don't assign the DNS addresses on the PIX for the users benefit.  The DNS servers are required for users to browse and are defined in the dhcp pool or statically on the pcs themselves.

hth
0
 

Author Comment

by:NTNBower
ID: 18811495
Right now they have a PC with two NIC cards and Zone alarm - we are trying to replace this PC with the Pix. I will test this out and let you know what I determine.

Thanks for the rapid response.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18811702
no probs - good luck
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:NTNBower
ID: 18811719
Turns out the current set up is using WinProxy for hte users to connect. SO I would need to replace that functionality - is it possible with the PIX
0
 
LVL 19

Accepted Solution

by:
nodisco earned 500 total points
ID: 18812234
No - the PIX is not a proxy server - its quite possible that the only reason the proxy was in place in the first instance is that you didn't have a firewall (zone alarm is no substitute for a proper hardware firewall).
In order to replace the "functionality" you need to know what you are replacing.  If the PC was acting purely as an internet gateway with very basic firewalling, then the PIX will be a far better and more secure solution than what you currently had.  You need to configure the PIX to have an inside ip (the pcs default gateway) and an outside ip on the internet.  You can then nat/pat the internal hosts to public ip and allow them out.  The PIXs ASA algorithm does not allow traffic from the outside to inside by default - unless you specifically allow it.  All traffic is allowed out by default - unless you dictate otherwise, so you have a great control on what your users and public ip can do.
You also have vpn client/pptp termination, hosting, dhcp and a range of other options open to you.  If you are unsure on how to setup the PIX, go into the PDM wizard and follow the steps - or post your config (with passwords removed) and we can assist.

cheers
0
 

Author Comment

by:NTNBower
ID: 18813111
So to continue with this operation, about all they could do is replace zone alarm with the Pix, and then they would need to keep the proxy - so:

Internet >> Cisco Pix >> PC with WinProxy >> Internal network

Currently, there are only a handful of users in my network that are the ones using this connection (it is controlled). The rest are going through the default GW for the entire network. Would it be possible to use the PIX if each individual PC were configured to use the PIX for web & GW for everything else? Then we could eliminate the need for the proxy?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18813299
Yes - I would use the pix as gateway and get rid of the proxy server.  
0
 

Author Comment

by:NTNBower
ID: 18815480
I knew something was not right and would not work - just could not put my finger on it. I think we have it now and I believe I could use the PIX, but would need to:

Set on all local PC's wanting to use it:
Set PIX as GW
Set DSN for other side of GW (e.g. ISP)
and set up a Static route for the Local WAN/LAN to use the other GW

Thanks for helping me see the forest through the trees - some times it gets foggy in there!
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18819652
no probs - you have it sussed right there ^^.  cheers
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question