CISCO PIX 515E

pbtech
pbtech used Ask the Experts™
on
I want to configure an IP address on the PIX 515E.
It is not currently configured and does not have an IP address.

What is the code for configuring an IP Address?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The commands are:

ip address inside <ip address> <mask>

ip address outside <ip address> <mask>

so

ip address inside 192.168.1.1 255.255.255.0

Here's a basic guide:

http://www.netcraftsmen.net/resources/archived-articles/369-cisco-pix-firewall-basics.html

Author

Commented:
What is the differance between inside and out side.

Can I just assign one IP address like 192.168.0.252

You can assign whatever IP address you want.

Inside is your local LAN, and Outside is the internet. So in many situations you would set your Outside address to DHCP. Something like this:

ip address outside dhcp setroute

That guide I posted will explain it all. Here's another one as well:

http://www.linuxhomenetworking.com/cisco-hn/dsl-pix.htm
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
OK, Very good.

Thank you for your help.

PBTECH

Author

Commented:
This what I typed:
interface ethernet0 100full
ip address inside 192.168.0.225 255.255.255.0


Now I cant ping the PIX from my laptop and the laptop is set at 192.168.100.64
Now I cant ping my laptop from the PIX

I can ping the PIX at the console using the laptop


Author

Commented:
I get a cant route error message
PBtech,

Is this device in production? As the inside address is the one that is connect to the inside of the network and it is on the protected side. There is also probably an interface called outside that is the un-protected side and most likely connected to the internet. So in your config you should see these line for the inside interface. All Three line tell the interface how to work.

nameif ethernet1 inside security100
interface ethernet1 auto
ip address inside 192.168.100.1 255.255.255.0 --> I am assuming your address was 192.168.100.1 based on you pc address, you could confirm this by telling me the  Gateway address on you PC.

When you put in
ip address inside 192.168.0.225 255.255.255.0

this changed the inside interface from 192.168.100.1 to 192.168.0.225 and most likely made the pix no longer work.

So to make it work again reboot the PIX and it will revert to the last config you saved.

The if you would like to play aground with an the additional interface, please explain what you are trying to accomplish and we can got from there.

Regards,

3nerds

Author

Commented:
Need to create routes to other subnets:

What is the syntex for doing this:

route outside 192.168.100.0 255.255.255.0 192.168.0.254

route outside 0.0.0.0 0.0.0.0 x.x.x.x -> the zero's mean route everything, this can be a specific subnet if needed. The X is the gateway one the other end.

Regards,

3nerds

Author

Commented:
Now do i need to add this line?

I am using ethernet0

#global(outside) 1 interface
Depends, are you planning to use nat on this device?

if you are you will need both of these in some form.

global(outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

Also this "I am using ethernet0" doesn't really matter, it depends on what you named ethernet0.

If you would care to elaborate on what you are trying to do and were you are at in the config I will be glad to look it over for you.

Regards,

3nerds

Author

Commented:
Thank you for all your help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial