Solved

Configuring DNS for Cisco Pix 501

Posted on 2007-03-28
Last Modified: 2010-04-09
When setting up a Cisco PIX 501, do I need to set the DNS server for a static outside interface? For example:
I have static outside:
6.6.6.9 255.255.255.252 6.6.6.8

static inside (no DHCPD):
1.1.1.10 255.255.255.0

I want to allow all users on the inside to web browse through this PIX (enabled PAT).

So I have been told by my ISP that I should set my DNS servers to x.x.x.x & x.x.x.x - where & how should I configure those numbers? I have looked over the PDM interface, and see no place to set the DNS server addresses.

Question by:NTNBower

Expert Comment

by:nodisco
ID: 18811429
hi there

If the PIX is not doing DHCP for you, then you don't assign the DNS addresses on the PIX for the users' benefit. The DNS servers are required for users to browse and are defined in the DHCP pool or statically on the PCs themselves.

hth

Author Comment

by:NTNBower
ID: 18811495
Right now they have a PC with two NIC cards and ZoneAlarm - we are trying to replace this PC with the PIX. I will test this out and let you know what I determine.

Thanks for the rapid response.

Expert Comment

by:nodisco
ID: 18811702
no probs - good luck

Author Comment

by:NTNBower
ID: 18811719
Turns out the current setup is using WinProxy for the users to connect. So I would need to replace that functionality - is it possible with the PIX?

Accepted Solution

by:
nodisco earned 500 total points
ID: 18812234
No - the PIX is not a proxy server - it's quite possible that the only reason the proxy was in place in the first instance is that you didn't have a firewall (ZoneAlarm is no substitute for a proper hardware firewall).
In order to replace the "functionality" you need to know what you are replacing. If the PC was acting purely as an internet gateway with very basic firewalling, then the PIX will be a far better and more secure solution than what you currently had. You need to configure the PIX to have an inside IP (the PCs' default gateway) and an outside IP on the internet. You can then NAT/PAT the internal hosts to a public IP and allow them out. The PIX's ASA algorithm does not allow traffic from the outside to inside by default - unless you specifically allow it. All traffic is allowed out by default - unless you dictate otherwise, so you have great control over what your users and public IP can do.
You also have VPN client/PPTP termination, hosting, DHCP and a range of other options open to you. If you are unsure how to set up the PIX, go into the PDM wizard and follow the steps - or post your config (with passwords removed) and we can assist.

cheers
0
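
The setup described in the accepted answer, written out as a configuration sketch. This is an added example, not part of the original thread; it assumes PIX OS 6.x command syntax, uses the addresses from the question, and `<isp-next-hop>` is a placeholder for the gateway address given by the ISP. The outbound access list at the end is an optional tightening for the "web browsing only" goal, with the name `inside_out` chosen here for illustration.

```cisco
: Added example (assumed PIX OS 6.x syntax); lines starting with ":" are annotations.
: Interface addresses taken from the question.
ip address outside 6.6.6.9 255.255.255.252
ip address inside 1.1.1.10 255.255.255.0

: PAT: translate every inside host to the address of the outside interface.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: Default route toward the ISP. <isp-next-hop> is a placeholder.
route outside 0.0.0.0 0.0.0.0 <isp-next-hop> 1

: No static, conduit or access-list is bound to the outside interface, so
: connections initiated from the outside stay blocked by default.

: No dhcpd statements: the PIX is not handing out leases here, so the ISP's
: DNS servers are entered on the PCs themselves, not on the PIX.

: Optional: instead of the default "all traffic allowed out", permit only
: web browsing and DNS lookups from the inside network.
access-list inside_out permit tcp 1.1.1.0 255.255.255.0 any eq www
access-list inside_out permit tcp 1.1.1.0 255.255.255.0 any eq 443
access-list inside_out permit udp 1.1.1.0 255.255.255.0 any eq domain
access-list inside_out permit tcp 1.1.1.0 255.255.255.0 any eq domain
access-group inside_out in interface inside
```

Once an access list is bound to the inside interface, anything it does not permit is dropped, so add entries for any other outbound service the users need before applying it.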
 

Author Comment

by:NTNBower
ID: 18813111
So to continue with this operation, about all they could do is replace ZoneAlarm with the PIX, and then they would need to keep the proxy - so:

Internet >> Cisco Pix >> PC with WinProxy >> Internal network

Currently, there are only a handful of users in my network that are the ones using this connection (it is controlled). The rest are going through the default GW for the entire network. Would it be possible to use the PIX if each individual PC were configured to use the PIX for web & GW for everything else? Then we could eliminate the need for the proxy?

Expert Comment

by:nodisco
ID: 18813299
Yes - I would use the pix as gateway and get rid of the proxy server.  

Author Comment

by:NTNBower
ID: 18815480
I knew something was not right and would not work - just could not put my finger on it. I think we have it now and I believe I could use the PIX, but would need to:

Set on all local PCs wanting to use it:
Set PIX as GW
Set DNS for other side of GW (e.g. ISP)
and set up a static route for the local WAN/LAN to use the other GW

Thanks for helping me see the forest through the trees - sometimes it gets foggy in there!

Expert Comment

by:nodisco
ID: 18819652
no probs - you have it sussed right there ^^.  cheers