Cisco Pix 506E - How to configure it properly?

[emman31]

Hi,

I've just received a CISCO PIX 506E Firewall and I wanted to add it into my existing home network.

Here is my current setup:

1) DSL Modem (WAN Port) to PIX (Ethernet0 Port)
2) PIX (Ethernet1 Port) to Linksys Switch (Port 1)
3) Linksys Switch (Port 2) to PC

This setup is currently working and I can get an internet connection on my PC but my first problem is that if I try to ping for example

http://www.google.com,

I get a request timed out on my PC although I can actually see the google page in a browser.

My second problem is that I'm trying to incorporate a Linksys Wireless-N Broadband Router in this setup.
I've tried many wiring combinations and nothing seems to work. How should I be connecting it to my existing setup and is there something I need to setup on the PIX?

Would appreciate someone's help over this.

 

[brianinms]

You need to allow Icmp back into the firewall

access-list outside-in permit icmp any any echo
access-list outside-in permit icmp any any echo reply

access-list outside-in in interface outside


You dont need a wireless router in that setup, you need a wireless access point.

 

[emman31]

Unfortunately, it didn't work and I think there are some errors in your syntax. Here is my config:

pixfirewall# show config
: Saved
: Written by enable_15 at 03:54:52.959 UTC Sat Nov 17 2007
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 1zRXCPuqgSm6Wxao encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group icmp-type icmp-grp
description ICMP Types allowed in the PIX
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list outside_in permit icmp any any object-group icmp-grp
access-list outside-in permit icmp any any echo
access-list outside-in permit icmp any any echo-reply
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username admin password f/LGsQsyuyGbF4UV encrypted privilege 15
terminal width 80
Cryptochecksum:58f342f6dbd3140550114df08f83980f

 

[emman31]

There's absolutely no other way I can incorporate a router in my configuration? What if I remove my switch from it?

 

[brianinms]

Sorry

access-list outside-in in interface outside


Should have been


access-group outside-in in interface outside

 

[maravila]

How are you trying to connecte the new router?
Do you have a topology?

 

[kwing112000]

I have a PIX as my edge device and still have a linksys and a netgear wireless router in place to handle the wireless. All i did was not use the wan ports on them and turn DHCP off. Now they are just like access points.