What is the minimum config to get my PIX working?


by ixleplix
PIX Basic configuration:

1. Plug into the console port on the PIX.
2. Make sure the terminal emulation software is set to use 9600 Bits per second.
3. When asked:

Pre-configure PIX Firewall now through interactive prompts [yes]?

4. Type "no" and hit enter.
5. Then you'll see this:

Type help or '?' for a list of available commands.
pixfirewall>

6. Type "enable" and hit enter

pixfirewall>enable

7. When it asks for a password...just hit enter.
8. Now you'll see this:

pixfirewall#

9. Type "config t" and hit enter

pixfirewall#config t

10. You'll see this:

pixfirewall(config)#

11. Assign the IP addresses (& masks) to your interfaces:

pixfirewall(config)# ip address outside IPAddress Mask
pixfirewall(config)# ip address inside IPAddress Mask

12. Now set the enable password:

pixfirewall(config)# enable password YourEnablePassword

13. And the Telnet access password:

pixfirewall(config)# password YourTelnetPassword

14. Change the hostname to something that makes sense to you:

pixfirewall(config)# hostname YourHostname

PIX(config)#

15. Set the interface speed and the Duplex mode

1. e0 is the outside interface and e1 is the inside interface by default.
2. Make sure the int speed on the corresponding switchport is set the same too.
3. The options are 100full, 100baset, 10full, or 10baset

PIX(config)# int e0 100full
PIX(config)# int e1 100full

16. Create NAT and Global translation rules:

PIX(config)# nat (inside) 1 0 0
(This allows all outbound traffic to be NATed.)
PIX(config)# global (outside) 1 interface
(This takes all outbound traffic and PATs it through the e0 (outside) interface.)

17. Now set the allowed range of IP addresses that can connect to the PIX via Telnet:

PIX(config)# telnet AllowedIP Mask inside

18. Set the time allowed for telnet connections:

PIX(config)# telnet timeout TimeInMinutes

19. Set the default gateway for external traffic:

PIX(config)# route outside 0.0.0.0 0.0.0.0 DefaultGatewayIP 1


Now if this were all put together, replacing the variables with the information below...



IP address (outside): 201.96.32.5/27
Int e0 speed: 10Mbps
Int e0 duplex: Full
IP address (inside): 10.20.1.30/24
Int e1 speed: 100Mbps
Int e1 duplex: Full
Hostname: MyPIX
Default Gateway: 201.96.32.30
Enable Password: Hairy_People
Telnet Password: TomJone$
NAT: All inside traffic
PAT: Through 201.96.32.5
Allowed Telnet Access: 10.20.1.0/24
Telnet timeout: 10 minutes

...it would look like the block below, which could be pasted in at the config prompt:

ip address outside 201.96.32.5 255.255.255.224
int e0 10full
ip address inside 10.20.1.30 255.255.255.0
int e1 100full
hostname MyPIX
route outside 0.0.0.0 0.0.0.0 201.96.32.30 1
enable password Hairy_People
password TomJone$
nat (inside) 1 0 0
global (outside) 1 interface
telnet 10.20.1.0 255.255.255.0 inside
telnet timeout 10

That's enough to get traffic flowing.
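
Added example (not part of the original FAQ): a Python helper that renders the commands from steps 11-19 from the parameter list above, converting prefix lengths to dotted masks and rejecting values that cannot work together. The function name, the dictionary keys and the two sanity checks are assumptions of this example.

```python
import ipaddress

# Interface keywords exactly as listed in step 15 of the FAQ.
SPEED_OPTIONS = {"100full", "100baset", "10full", "10baset"}

# The FAQ's own example values; the dictionary keys are made up for this example.
FAQ_VALUES = {
    "outside": "201.96.32.5/27", "e0": "10full",
    "inside": "10.20.1.30/24", "e1": "100full",
    "hostname": "MyPIX", "gateway": "201.96.32.30",
    "enable_password": "Hairy_People", "telnet_password": "TomJone$",
    "telnet_from": "10.20.1.0/24", "telnet_timeout": 10,
}


def build_pix_config(p):
    """Return the minimum config as command lines; ValueError on bad values."""
    outside = ipaddress.ip_interface(p["outside"])
    inside = ipaddress.ip_interface(p["inside"])
    gateway = ipaddress.ip_address(p["gateway"])
    # Strict parsing: rejects a network written with host bits set.
    telnet_net = ipaddress.ip_network(p["telnet_from"])
    for name in ("e0", "e1"):
        if p[name] not in SPEED_OPTIONS:
            raise ValueError(f"{name}: unknown speed/duplex keyword {p[name]!r}")
    # The default route's next hop has to be a neighbour on the outside subnet.
    if gateway not in outside.network or gateway == outside.ip:
        raise ValueError("default gateway is not on the outside subnet")
    # Assumed policy check: Telnet sources should sit within the inside network.
    if not telnet_net.subnet_of(inside.network):
        raise ValueError("telnet range is not within the inside network")
    return [
        f"ip address outside {outside.ip} {outside.netmask}",
        f"int e0 {p['e0']}",
        f"ip address inside {inside.ip} {inside.netmask}",
        f"int e1 {p['e1']}",
        f"hostname {p['hostname']}",
        f"route outside 0.0.0.0 0.0.0.0 {gateway} 1",
        f"enable password {p['enable_password']}",
        f"password {p['telnet_password']}",
        "nat (inside) 1 0 0",
        "global (outside) 1 interface",
        f"telnet {telnet_net.network_address} {telnet_net.netmask} inside",
        f"telnet timeout {p['telnet_timeout']}",
    ]


if __name__ == "__main__":
    print("\n".join(build_pix_config(FAQ_VALUES)))
```
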

*Notes:

Until you type "write memory" and hit enter, the config is not saved and will be lost when the PIX is rebooted or loses power.

If your config is totally messed up, typing "write erase" and hitting enter, followed by "reload" and enter, will erase the stored config and leave you with the factory config upon boot. Please use this with caution.

As stated above, this is a BASIC config. It will get traffic flowing but has no Access-lists or Static mappings and does not use many of the security features the PIX is capable of. Remember: It is only intended to help you get started.










