Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX 501 configuration

Status
Not open for further replies.

pctech64

Technical User
Jul 16, 2009
65
US
Hello all;
After trying to make my home router to let me access two ip addresses from my LAN from the Internet via Mac laptop, I gave up on that and bought a Pix 501 from a local IT guy in town and now I'm thinking configuring this appliance to run VPN's.
Problem is I know jack how to do it!! lol
I never saw a Pix until today when I bought it and i was impressed how small they are!
The Internet gets to my cable modem ( Cox Communication, Las Vegas )and from there it goes to my Wireless home router Dlink DIR-655; port 1 of the router feeds my main pc, ports 2,3,4 run all the way to my Cisco home Lab 16 units rack; 2 connections for the AP9211 master switches, which controls all the rack's unit's power and 1 connection feeds Internet to a C3524XL switch and from there I play with the units or plan to.
I was thinking in setting the Pix between the modem and the router, and run the three Ethernet cables to the lab from there so I can "set" them to access those units they are connected to VPN. I truly don't know how to do this properly, specially the lines needed in the pix to be able to work.
My Dlink currently is set as the DHCP client on my network and as Firewall as well but I don't know which one is better to do this jobs.
My goal is to be able to access my network from the outside anywhere, specially from my training facility so I can play with the lab learn and study ( CCNA in very slow progress here )
I have installed on my Mac Book Pro ZTerm and I usually connect to my home network from the inside with no problems with Terminal Services; in my Windows Vista Ultimate machine I have Hyper Terminal and TeraTerm Pro for access; I want to also be able to access the lab telneting from any browser; http or https.
I need to know which way would be recommended and why so, but more important is to know which exact lines to write in the Pix.
I got the unit with a password on it and was able to wipe and do a factory-default; it does have my main PC ip address for the tftp and the router's gateway 192.168.0.1 and i gave it an ip address of 192.168.0.112 or something like that (got to check). Right now the pix is connected via console cable to my main PC and int0 connected to the router port 1 with a straight Ethe.cable, but it is just for configuration.
I know my public ip address and the router ip address 192.168.0.1; I got assigned ip addresses to all interfaces and units in my home lab rack, mostly using the 192.168.0.x and 255.255.255.0 subnet; I know! I know! but remember I'm learning!! so far I can connect to everything from the inside so I need all the help I can get on this one;
please do not hyperlink me to Cisco site for instructions; I was there reading and all might be as well written in Chinese!! Cisco site is for a seasoned tech; I'm a beginner; go easy on me !! lol
I thank in advance to all of you that will spend time looking into this scenario; have fun; I sure will have fun trying to set by all your recommendations!
 
wow! it looks like I will have no luck on advises from fellow techs here!
 
Thanks sub; the link was useful for some commands; I still going to need more detailed configuration than that to set my network; for now I got the Internet working as far as my main PC goes but the wireless LAN I can't get it to work yet; I need to know if is because the cable I use ( crossover ) to connect from Pix port 4 to Dlink Internet port and how do I access the Dlink router page that I lost all the sudden; it supposed to be 192.168.0.1; the last stage would be configure VPN tunnels to be able to access at least 3 different addresses from the Internet in my home LAN.
I got ideas on what I need but I lack the how to and what to do next; reading takes lots of time; google is not much help; that's why I'm here!
thanks for reading and your help sub.
 
Its still taking me time to get my PIX set up. I currently have it connected a 3548 series switch. The PIX will be replaced by a 2600 series router once I get my WIC cards. I am also going to use my 7200 router once I get the proper cards. Hmm... I never learned how to forward it onto a D-Link wireless router but you can buy wireless access points to configure with the IP address. I configured one a few weeks ago. I'm still having problems with my VPN set up. I can send you my configuration if you'd like, I currently have it set up for a one-to-many NAT, DHCP server and ports opened for my web server. I set up the VPN, a remote XP computer can connect but I can't access anything, just need to figure out where I went wrong.
 
yes; besides this Dlink DIR-655 router for the wireless part of the network I also have a wireless access point in the living room and a wireless pc card for my kids pc, besides two laptops windows and mac, could be 3 should I decided to use an old emachines I need this dlink working for sure; before I got the Dlink router after the cable modem and everything working inside my LAN but I was having hard time connecting from the outside on http or https or telnet, even I set up the ports on the router to be access from the outside; I think its firewall still nated everything; that is when I decided to get this apliance and a guy in town sold it to me for $45.00; I guess now I can learn some security settings to add to my small experience; problem still is I don't know what the lines in the configuration means or what they do; my knoledge is very limited with cisco; I can play around with the CLI and do some settings but that is; still half way on my CCNA.
I would love to know why there is not connectivity on my wireless router when I hook it to the Pix; with straight cable or with crossover cable (good both cables, tested and re-tested) my pc is green and good!!
It have to do with settings I reckon..but where and which ones and why is what I'm looking for..
 
Oh. I think I know where you're getting at now. Straight cable is what you need, not a crossover to connect the PIX and D-Link. Make sure you reset the D-Link wireless first. What you also need is another straight cable connect a PC to the wireless router, then you enter the static IP address from the PIX. Or you can make the PIX a DHCP server then the D-Link can grab the IP address and route it.
 
yup; the Pix is set as the DHCP. I'll try what you suggested and let you know;
 
nope; it worked for few minutes; I could configured the Dlink to just do the wireless, no DHCP, having the pix as DHCP; I can ping from the pc to the dlink and to the pix (default gateway) but i can't ping from the pix to inside, like, pix> Dlink or Pix> pc !!??
So I just connected the pc direct to port 1 on the pix; it still cannot ping the pc address but i do have connection to the internet!
I identified the Pix in Windows host file as the default gateway; even like this, if I open a command prompt and run an ipcofig /all i get the Dlink address as the default gateway! got to love it!
Another thing is, on windows, network connections, ipver.4, properties tab it states that my pc network adapter is configured as DHCP but I can't change that1 in ipconfig it shows as DHCP enable; I wonder if it is conflicting with the pix configuration.
In resume, this is not what i'm looking for; this way i still left off 1 ethernet cable that it needs to run from the pix because i intent to use the apliance as my VPN.
I downloaded from the web some VPN client softwares for my Mac but still need to fix this connection and configure it the right way.
I detest not to know enough to do it already !!
 

From your DSL router you must set a cable from the inside of the dsl router (ehternet) to the outside interface on your PIX.

You must then connect to your wireless router and disable DHCP in the configuration. The wireless access point also have a WAN port. This port should not be used anymore. Plug a cable between the LAN port(s) to one of the inside ports of the PIX.

This is the basic setup you need.

For VPN it is a bit more tricky.

If you wish to use PPTP which your Mac should natively be able to do (AFAIK) you must from the console do something like the following:

access-list 102 permit ip 192.168.5.0 255.255.255.0 any
access-list inside_outbound_nat0_acl permit ip any 192.168.5.0 255.255.255.0
ip local pool pptp-pool 192.168.5.0-192.168.5.15
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 193.88.44.22
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username john password smith
vpdn enable outside
dhcpd auto_config outside

192.168.5.0 should be a different network than your local network (ipconfig)

193.88.44.22 should be changed to the ip address of your outside interface of the PIX.

change the john and smith to your user and password to connect to through vpn.

Make sure your DSL is forwarding everything to the PIX and that PPTP pass-through is enabled.

Note: I am no expert and just made my own box work after hours of google-searching.




 
The only thing is mine is a cable modem not a DSL; I have straight Internet connection; no authentication or passwords.
I reckon I need to substitute the ip 192.168.5.0 for my inside ip's after looking at ipconfig? or should I type exactly what you suggested?
 
1. Be sure that your wireless access point does not give out IP addresses. (DISABLE DHCP)

2. The 192.168.5.x's in the config should be just fine as long as your own machine does not get such an IP from the pix. It needs to be a different subnet than your workstation will get. When a VPN client connects and wants to talk to a server or whatever it will be routed to the correct local net by the PIX automatically.

/C
 
For some reason now I can't not get to the default ip address/router page of my Dlink router but it is working and the wireless working too;another thing is I'm using cables in this fashion;
cable modem> crossover pix501>port1,2,3 straight(cisco lab rack, 2 for the nic on the AP9211 power switches, 1 for internet access to a cisco 24 ports switch) port4> straight Dlink DIR-655 ( connected to port 1 on Dlink).
I don't think I have to use crossover from pix to dlink; the pix connection diagram shows the connection to the pix from the modem to use a crossover.
Another thing is also I will have to change ip addresses on the nics of the home lab power switches; I want to be able to access them by VPN from the outside and to being able to telnet as well to my access server in that rack; I can do all this fine from the inside.
The reason I got the pix is to be able to do it from the outside; the dlink spi firewall won't let me to connect, even redirecting ports; it is a VPN pass-through router; I'm not very familiar with VPN but I think that is why.
I'm trying to save a config from my pix so I can post it to see if I can get more specific help on this one.
In the meantime thanks all for the inputs..very valuable whatsoever, specially aZ!
Don't forget I've been days with this and is not fully configured and working yet; I want it to work and get done with it!! lol will i ever achieve that?!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top