cisco PIX 506e

Status
Not open for further replies.

newkid123

Technical User
Dec 18, 2006
30
0
0
US
Hello Everyone

I have a small network at home, which consists of a Linksys cable modem, a Linksys wireless router, 2 desktops connected directly to the wireless router and 2 other desktops which are connected through the wireless router. Now I would like to add a Cisco PIX 506e firewall to my network. I am very new to Cisco networking. I would appreciate it if someone could let me know how to set this PIX back to the original factory default. I do not know any password.

Thanks
newkid123
 
Whatever happened on this thread? Did it ever work?

 
I think newkid123 got tired and out of patience and just gave up. It's a shame he didn't at least let us know if he ever got it to work, because that way we could all have learnt something.
I wish more people would just finish their posts, out of respect for all the people who dedicate their time to help them.

Regards
 
Hello Everyone

Minue, you are right, I gave up. It is taking too long.
 
It's not impossible what you are trying to do! It's just a question of time. It's hard for techs to troubleshoot online. If you are still willing, I can try to help you via email.
It's a waste to put your security investment in the attic.
Regards
 
I seem to be having the same problem. The difference is that I have a static IP address.
Right now I have a Linksys router connected with the static IP address information. I want to be able to remove the router and put the Cisco PIX 506E in its place. I remove the Linksys router and configure the PIX with the static information, but I cannot connect to the Internet. When I connect my PCs to the PIX I do receive the internal IP addresses from the PIX's DHCP, but no Internet. Is there a setting that I'm missing?
 
Hello
Are you using a cable modem as well?
In any case, do a "debug dhcpc detail". Be advised to put in the debug command first, then the "ip address outside dhcp setroute" command. Also do a "show ip address outside dhcp" and a "show int e0". Please post the results.
Regards
 
Please keep the thread going. I'm going to be trying the same thing next week.
 
I picked up a 506e and will basically be doing the same thing. My question is how would I obtain an IP address if I have DSL which requires a username and password?

Would I have to put the PIX behind my D-Link router?

modem > d-link > 506e pix > switch > pc's?

I don't know if newkid gave up permanently, but I would like to continue with everyone's help.
 
Hello
If you have DSL it's much easier! The modem that is handling the ATM, make it a bridge. Let the PIX handle the public address (so as to avoid double NATting). The PIX will act as a PPPoE client, so it will be able to use PAP/CHAP to authenticate to your ISP.
Which modem are you using in front of the D-Link?
Regards
 
How do I set up the PIX with the username and password to obtain the IP address from the carrier?
 

ip address outside pppoe setroute
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname ISP username
vpdn group pppoex ppp authentication pap
vpdn username ISP username password *********

Remember to put the PIX behind the modem handling the ATM and set the modem as a bridge. The D-Links can certainly handle bridging.
Your setup should look like the below. From your first post it looks like you have two modems. Please verify!

AirPlus G DI-524 > 506e pix > switch > pc's

Regards
 
I have a DSL modem > D-Link router > PIX > HP switch > PCs. Should I not use the D-Link and go

dsl modem > pix > switch > pc's?
 
Yes! But the DSL modem must support the bridging protocol. What's the model name of the DSL modem? You should be able to see an option in the configuration page called "Bridge Connection".
Regards
 
Sorry I will look at my modem tonight. My wife's pregnant and got put on bed rest.
 
New to Cisco. I am currently trying to change the outside IP address for my PIX 515E, but I am unsuccessful. I just need to change the outside IP address to our new static address from Comcast. Please help.


PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security4
enable password xxx encrypted
passwd xxx encrypted
hostname xxxpix
domain-name xxxxxxx.local
fixup protocol dns maximum-length 2048
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name xx.13.191.162 name xxx.57.46.192 DefaultGateway
name 192.168.168.0 dmz_net
name xxx.57.46.233 TestSys
name 192.168.168.2 xxweb
name xx.13.191.164 Ramxxxxx
name 10.0.0.0 xx_net
name 10.0.0.2 xxserver
object-group service RmtWrkUsrs tcp
description Remote Web Workplace Users
port-object range 4125 4125
port-object eq www
port-object eq https
access-list Inbound permit tcp any host xxx.57.46.234 eq smtp
access-list Inbound permit tcp any host xxx.57.46.235 eq www
access-list Inbound permit tcp host TestSys host xxx.57.46.234 eq www
access-list Inbound permit tcp host TestSys host xxx.57.46.234 eq 4125
access-list Inbound remark Ramquest Remote Access Via Web RDP Plugin
access-list Inbound permit tcp host Ramquest host xxx.57.46.234 object-group RmtWrkUsrs log
access-list Inbound remark Ramquest Remote Access Via Web RDP Plugin
access-list Inbound remark Ramquest Remote Access Via Web RDP Plugin
access-list Inbound permit tcp host 67.175.194.178 host xxx.57.46.234 object-group RmtWrkUsrs log
access-list Inbound remark Temp Access
access-list Inbound remark Remote Web Workplace Access Via Web and RDP Plugin
access-list Inbound remark
access-list Inbound permit tcp host 67.163.88.51 host xxx.57.46.234 object-group RmtWrkUsrs log
access-list Inbound permit tcp host 205.153.56.10 host xxx.57.46.234 object-group RmtWrkUsrs log
access-list Inbound permit tcp host 205.153.56.26 host xxx.57.46.234 object-group RmtWrkUsrs log
access-list Inbound permit tcp host 205.153.56.45 host xxx.57.46.234 object-group RmtWrkUsrs log
access-list Inbound permit tcp 69.211.41.176 255.255.255.248 host xxx.57.46.234 object-group RmtWrkUsrs log
access-list dmz permit ip host wtweb host 192.168.168.3
access-list dmz permit ip host wtweb host xxx.57.0.10
access-list dmz permit ip host wtweb host xxx.57.0.11
access-list dmz permit tcp host wtweb any eq www
access-list dmz permit tcp host wtweb any eq https
access-list dmz permit tcp host wtweb any eq ftp
pager lines 24
logging on
logging buffered warnings
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx.57.46.232 255.255.255.192
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.168.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn 10.0.0.81-10.0.0.90
pdm location xxserver 255.255.255.255 inside
pdm location xxweb 255.255.255.255 dmz
pdm location TestSys 255.255.255.255 outside
pdm location xx_net 255.255.255.0 inside
pdm location 10.0.0.63 255.255.255.255 inside
pdm location xx.12.229.119 255.255.255.255 outside
pdm location xx.13.206.1 255.255.255.255 outside
pdm location Ramquest 255.255.255.255 outside
pdm location xxserver 255.255.255.255 outside
pdm location xx.163.88.51 255.255.255.255 outside
pdm location xx.175.194.178 255.255.255.255 outside
pdm location xxx.153.56.10 255.255.255.255 outside
pdm location xxx5.153.56.26 255.255.255.255 outside
pdm location xxx.153.56.45 255.255.255.255 outside
pdm location xx.211.41.176 255.255.255.248 outside
pdm logging notifications 512
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) xxx.57.46.234 xxserver netmask 255.255.255.255 0 0
static (dmz,outside) xxx.57.46.235 xxweb netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.168.3 xxserver netmask 255.255.255.255 0 0
access-group Inbound in interface outside
access-group dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 xxx.57.46.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host wtserver radius!is!great! timeout 5
aaa-server LOCAL protocol local
aaa authentication secure-http-client
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http xx.175.194.178 255.255.255.255 outside
http xxx.153.56.10 255.255.255.255 outside
http xxx.153.56.26 255.255.255.255 outside
http xxx.153.56.45 255.255.255.255 outside
http xx.211.41.176 255.255.255.248 outside
http xxserver 255.255.255.255 inside
http 10.0.0.63 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside xxserver temp
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
crypto ipsec transform-set wtset esp-des esp-md5-hmac
crypto dynamic-map dynmap 1 set transform-set wtset
crypto map mapset 10 ipsec-isakmp dynamic dynmap
crypto map mapset interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 1000
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpngroup wtvpn2720 address-pool vpn
vpngroup wtvpn2720 dns-server xxserver
vpngroup wtvpn2720 wins-server xxserver
vpngroup wtvpn2720 default-domain uswwtitle.local
vpngroup wtvpn2720 idle-time 1800
vpngroup wtvpn2720 password ********
vpngroup ramquestvpn address-pool vpn
vpngroup ramquestvpn dns-server wtserver
vpngroup ramquestvpn wins-server wtserver
vpngroup ramquestvpn default-domain uswwtitle.local
vpngroup ramquestvpn idle-time 1800
vpngroup ramquestvpn password ********
telnet timeout 5
ssh xx.175.194.178 255.255.255.255 outside
ssh xxx.153.56.10 255.255.255.255 outside
ssh xxx.153.56.26 255.255.255.255 outside
ssh xxx.153.56.45 255.255.255.255 outside
ssh xx.211.41.176 255.255.255.248 outside
ssh timeout 5
console timeout 15
username password encrypted privilege 15
username password encrypted privilege 15
terminal width 80
Cryptochecksum:
: end
wtpix#
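
For the last question above (moving a PIX 6.3 configuration to a new outside address), an added example that is not part of the thread and not Cisco tooling: a short Python script that lists every statement tied to the old outside subnet, including references made through `name` aliases. The sample configuration is constructed with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in PIX 6.3 syntax (documentation addresses, not the poster's).
SAMPLE_CONFIG = """\
name 203.0.113.41 TestSys
access-list Inbound permit tcp any host 203.0.113.42 eq smtp
access-list Inbound permit tcp host 198.51.100.7 host 203.0.113.42 eq www
ip address outside 203.0.113.40 255.255.255.192
ip address inside 10.0.0.1 255.255.255.0
pdm location TestSys 255.255.255.255 outside
global (outside) 1 interface
static (inside,outside) 203.0.113.42 10.0.0.2 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.168.3 10.0.0.2 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

def outside_network(config):
    """Return the subnet currently configured on the outside interface."""
    m = re.search(r"^ip address outside (\S+) (\S+)$", config, re.M)
    if m is None:
        raise ValueError("no static 'ip address outside <ip> <mask>' line")
    # strict=False: the line holds a host address, not the network address.
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)

def lines_tied_to_outside(config):
    """Return (line_no, line) for each statement using an old outside address."""
    net = outside_network(config)
    # 'name <ip> <label>' aliases can stand in for addresses elsewhere.
    names = {label: ip for ip, label in
             re.findall(r"^name (\S+) (\S+)$", config, re.M)}
    hits = []
    for no, line in enumerate(config.splitlines(), 1):
        for token in line.split():
            token = names.get(token, token)  # resolve alias if there is one
            try:
                if ipaddress.ip_address(token) in net:
                    hits.append((no, line))
                    break
            except ValueError:
                continue  # keyword, port or other non-address token
    return hits

if __name__ == "__main__":
    print("old outside subnet:", outside_network(SAMPLE_CONFIG))
    for no, line in lines_tied_to_outside(SAMPLE_CONFIG):
        print(f"{no:>3}: {line}")
```

Statements such as `global (outside) 1 interface` are not listed because they follow the interface address rather than naming one.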
 