Solved

Configuring DNS for Cisco Pix 501

Posted on 2007-03-28
9
518 Views
Last Modified: 2010-04-09
When setting up a Cisco pix 501, do I need to set the DNS server for a static outside interface? For example:
I have static outside:
6.6.6.9 255.255.255.252 6.6.6.8

static inside (no DHCPD):
1.1.1.10 255.255.255.0

I want to allow all users on the inside to web browse through this pix (enabled PAT)

So I have been told by my ISP that I should set my DNS servers to x.x.x.x & x.x.x.x - where & how should I configure those numbers? I have looked over the PDM interface, and see no place to set the DNS server addresses.
0
Comment
Question by:NTNBower
  • 5
  • 4
9 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 18811429
hi there

If the PIX is not doing dhcp for you, then you don't assign the DNS addresses on the PIX for the users benefit.  The DNS servers are required for users to browse and are defined in the dhcp pool or statically on the pcs themselves.

hth
0
 

Author Comment

by:NTNBower
ID: 18811495
Right now they have a PC with two NIC cards and Zone alarm - we are trying to replace this PC with the Pix. I will test this out and let you know what I determine.

Thanks for the rapid response.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18811702
no probs - good luck
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:NTNBower
ID: 18811719
Turns out the current set up is using WinProxy for hte users to connect. SO I would need to replace that functionality - is it possible with the PIX
0
 
LVL 19

Accepted Solution

by:
nodisco earned 500 total points
ID: 18812234
No - the PIX is not a proxy server - its quite possible that the only reason the proxy was in place in the first instance is that you didn't have a firewall (zone alarm is no substitute for a proper hardware firewall).
In order to replace the "functionality" you need to know what you are replacing.  If the PC was acting purely as an internet gateway with very basic firewalling, then the PIX will be a far better and more secure solution than what you currently had.  You need to configure the PIX to have an inside ip (the pcs default gateway) and an outside ip on the internet.  You can then nat/pat the internal hosts to public ip and allow them out.  The PIXs ASA algorithm does not allow traffic from the outside to inside by default - unless you specifically allow it.  All traffic is allowed out by default - unless you dictate otherwise, so you have a great control on what your users and public ip can do.
You also have vpn client/pptp termination, hosting, dhcp and a range of other options open to you.  If you are unsure on how to setup the PIX, go into the PDM wizard and follow the steps - or post your config (with passwords removed) and we can assist.

cheers
0
 

Author Comment

by:NTNBower
ID: 18813111
So to continue with this operation, about all they could do is replace zone alarm with the Pix, and then they would need to keep the proxy - so:

Internet >> Cisco Pix >> PC with WinProxy >> Internal network

Currently, there are only a handful of users in my network that are the ones using this connection (it is controlled). The rest are going through the default GW for the entire network. Would it be possible to use the PIX if each individual PC were configured to use the PIX for web & GW for everything else? Then we could eliminate the need for the proxy?
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18813299
Yes - I would use the pix as gateway and get rid of the proxy server.  
0
 

Author Comment

by:NTNBower
ID: 18815480
I knew something was not right and would not work - just could not put my finger on it. I think we have it now and I believe I could use the PIX, but would need to:

Set on all local PC's wanting to use it:
Set PIX as GW
Set DSN for other side of GW (e.g. ISP)
and set up a Static route for the Local WAN/LAN to use the other GW

Thanks for helping me see the forest through the trees - some times it gets foggy in there!
0
 
LVL 19

Expert Comment

by:nodisco
ID: 18819652
no probs - you have it sussed right there ^^.  cheers
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5510 upstream unable to exceed 20 mbps 23 59
route-map permit with a number 1 36
ASA ISP failover 3 24
VoIP Polycom Phones not working 30 22
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question