Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Help, Urgent, Configuring Pix with a dsl static IP address
- Thread starter tryindian
- Start date
The DNS addies go into your desktop. Shouldnt need to have to do anything with them on the PIX. Assuming you have done some config on it already. The default route on the PIX should be the gateway addie your ISP gave you. The Global IP basically allows you to use any IP on the inside of the PIX and that address is translated to the global IP provided by your ISP when you establish a connection outside through the PIX hiding the networks real IP's. just use the command - global (outside interface name) (ip addy) 1 netmask (mask addy)
Not sure what other info u might need drop me an email if you need more help.
Not sure what other info u might need drop me an email if you need more help.
My first question is How did you organise a static IP DSL ?
As far as I know this will work
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 AUTO
interface ethernet1 AUTO
ip address outside <External IP given to u from ISP i.e 195.100.100.212 255.255.255.248>
ip address inside <Internal Ip Address for router i.e 10.1.1.254 255.255.255.0>
<Section to Create DHCP server ignore if clients r static>
dhcpd address 10.1.1.1-10.1.1.20
dhcpd dns <your isp dns 1> <your isp dns 2>
dhcpd wins <wins server of your choice>
dhcpd lease 3000
dhcpd domain yourdomain.com
dhcpd enable
hostname Gate
arp timeout 14400
no failover
pager lines 24
logging buffered debugging
nat (inside) 0 10.1.1.0 255.255.255.0
global (outside) 1 interface < not entirly sure weather this is needed for static ex-IP>
rip inside default
no rip inside passive
no rip outside default
no rip outside passive
route outside 0.0.0.0 0.0.0.0 <Your ISP gateway address here i.e 195.100.100.211>
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
mtu outside 1500
mtu inside 1500
Cheers
CSDSC
As far as I know this will work
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 AUTO
interface ethernet1 AUTO
ip address outside <External IP given to u from ISP i.e 195.100.100.212 255.255.255.248>
ip address inside <Internal Ip Address for router i.e 10.1.1.254 255.255.255.0>
<Section to Create DHCP server ignore if clients r static>
dhcpd address 10.1.1.1-10.1.1.20
dhcpd dns <your isp dns 1> <your isp dns 2>
dhcpd wins <wins server of your choice>
dhcpd lease 3000
dhcpd domain yourdomain.com
dhcpd enable
hostname Gate
arp timeout 14400
no failover
pager lines 24
logging buffered debugging
nat (inside) 0 10.1.1.0 255.255.255.0
global (outside) 1 interface < not entirly sure weather this is needed for static ex-IP>
rip inside default
no rip inside passive
no rip outside default
no rip outside passive
route outside 0.0.0.0 0.0.0.0 <Your ISP gateway address here i.e 195.100.100.211>
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
mtu outside 1500
mtu inside 1500
Cheers
CSDSC
- Thread starter
- #5
Thanks a lot people
First to reaper36, Since i have only one Globalip add i already used that for outside ether card, now which one i will use for the command "global(outside)Can u clarify that to me and also should i use nat or not
csdc, thats a great help but my version is 4.4 and guess it doesnt use dhcpd, we bought it from a liberary and so we dont have cisco support and so there is no opp to download the latest version of the software. and also if u get a BUSINESS DSL U WILL GET A STATIC IP ADDRESS.
First to reaper36, Since i have only one Globalip add i already used that for outside ether card, now which one i will use for the command "global(outside)Can u clarify that to me and also should i use nat or not
csdc, thats a great help but my version is 4.4 and guess it doesnt use dhcpd, we bought it from a liberary and so we dont have cisco support and so there is no opp to download the latest version of the software. and also if u get a BUSINESS DSL U WILL GET A STATIC IP ADDRESS.
You wont be able to do it with only 1 ip addy. The outside int must have an ip within the same subnet range as the router at the isp end to establish the 'loop'. You will have to contact your isp and explain to them what you have and they should (at least they did over here.....) give you another IP.
The PIX will use a kind of NAT, (its actually called Port Address Translation for only 1 IP) automatically when you use the global command i specified in my earlier post with only 1 ip and not a range of them. All it does is basically split the 1 addy into several unique port adresses and allocates 1 to each outbound connection.
Hope that helps you a little more. Keep posting if its not enough we'll get it right eventually!
The PIX will use a kind of NAT, (its actually called Port Address Translation for only 1 IP) automatically when you use the global command i specified in my earlier post with only 1 ip and not a range of them. All it does is basically split the 1 addy into several unique port adresses and allocates 1 to each outbound connection.
Hope that helps you a little more. Keep posting if its not enough we'll get it right eventually!
- Thread starter
- #7
hi
Thanks again reaper36, i spoke to my isp and they said they cant do anything about it. I want to try version 6 like shoX says but since i dont have a contract, i dont have a cco username and password i am unable to download it. I am at my witts end now, really dont know what to do and this thing has to be up as soon as possible.
Thanks a lot for ur reply
Thanks again reaper36, i spoke to my isp and they said they cant do anything about it. I want to try version 6 like shoX says but since i dont have a contract, i dont have a cco username and password i am unable to download it. I am at my witts end now, really dont know what to do and this thing has to be up as soon as possible.
Thanks a lot for ur reply
- Status
Similar threads
- Locked
- Question
- Locked
- Question