franksoprano
Technical User
Are there any tutorials I can follow to help me setup my pix 501.... I cannot seem to get my pc to be able to see beyond the firewall... Anyone have any clues as to why?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Pix 501 Setup......
- Thread starter franksoprano
- Start date
- Status
- Thread starter
- #3
franksoprano
Technical User
Im sorry, 
I am connecting to a cable modem, my config looks like this:
pixfirewall# sh config
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 192.168.1.3 wumagic
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info
ip audit attack action alarm
pdm location wumagic 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route inside wumagic 255.255.255.255 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:3db57704ed421e3bd627142d574d71f5
pixfirewall#
My Pc is directly attached to the PIX, after I have it configured I am going to hook up my Router and switch..
Thanks For your Help!
I am connecting to a cable modem, my config looks like this:pixfirewall# sh config
: Saved
:
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 192.168.1.3 wumagic
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info
ip audit attack action alarm
pdm location wumagic 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route inside wumagic 255.255.255.255 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:3db57704ed421e3bd627142d574d71f5
pixfirewall#
My Pc is directly attached to the PIX, after I have it configured I am going to hook up my Router and switch..
Thanks For your Help!
What are you trying to accomplish with this line?
route inside wumagic 255.255.255.255 192.168.1.1
This line is also not needed. You are using the dhcp server of the pix. I assume this is your workstation name. The ip may change making this line useless.
name 192.168.1.3 wumagic
Remove these lines and your workstation will be able to get out.
Do a 'clear xlate' after you remove them.
--
Ed McLaughlin, MCP
Senior Software Engineer
route inside wumagic 255.255.255.255 192.168.1.1
This line is also not needed. You are using the dhcp server of the pix. I assume this is your workstation name. The ip may change making this line useless.
name 192.168.1.3 wumagic
Remove these lines and your workstation will be able to get out.
Do a 'clear xlate' after you remove them.
--
Ed McLaughlin, MCP
Senior Software Engineer
If you are setting your workstation TCP information up manually, you should pick an IP outside this range:
dhcpd address 192.168.1.2-192.168.1.33 inside
If you set it up manually, don't forget to include a default gateway. In your case, 192.168.1.1
--
Ed McLaughlin, MCP
Senior Software Engineer
dhcpd address 192.168.1.2-192.168.1.33 inside
If you set it up manually, don't forget to include a default gateway. In your case, 192.168.1.1
--
Ed McLaughlin, MCP
Senior Software Engineer
- Thread starter
- #6
franksoprano
Technical User
Thanks for the info I will give it a shot, so I will actually be better off letting TCP info configure automatically instead of setting it manually since I am using DHCP.. Yes thats correct that Wumagic is my workstation name, I will remove those entries and see what happens.. I appreciate the help!
- Thread starter
- #7
franksoprano
Technical User
I tried removing those lines and executing "clear xlate" and that did not work, I was still not able to get out.. So I have restored the Pix back to its original configuration out of the box, what exactly do I have to do to get my pc's to be able to get out to the internet?
Thanks Again!
Thanks Again!
Are you sure your pix is obtaining an outside IP from your provider?
Issue a 'show ip' and make sure your outside interface is getting an ip from your provider.
Try pinging an inside ip (your workstation) and then an outside ip (this website).
Output should look something like this:
gateway# ping 192.168.1.1
192.168.1.1 response received -- 0ms
192.168.1.1 response received -- 0ms
192.168.1.1 response received -- 0ms
gateway# ping 216.45.19.33
216.45.19.33 response received -- 60ms
216.45.19.33 response received -- 60ms
216.45.19.33 response received -- 60ms
--
Ed McLaughlin, MCP
Senior Software Engineer
Issue a 'show ip' and make sure your outside interface is getting an ip from your provider.
Try pinging an inside ip (your workstation) and then an outside ip (this website).
Output should look something like this:
gateway# ping 192.168.1.1
192.168.1.1 response received -- 0ms
192.168.1.1 response received -- 0ms
192.168.1.1 response received -- 0ms
gateway# ping 216.45.19.33
216.45.19.33 response received -- 60ms
216.45.19.33 response received -- 60ms
216.45.19.33 response received -- 60ms
--
Ed McLaughlin, MCP
Senior Software Engineer
- Thread starter
- #10
franksoprano
Technical User
Good looking out! It seems that my pix is not picking up a IP address from my ISP, I am writing this message on the same connection that I am connecting the pix to, so I know the connection from my ISP is good, the sh ip display is:
pixfirewall# sh ip
System IP Addresses:
ip address outside 127.0.0.1 255.255.255.255
ip address inside 192.168.1.1 255.255.255.0
Current IP Addresses:
ip address outside 0.0.0.0 0.0.0.0
ip address inside 192.168.1.1 255.255.255.0
pixfirewall#
as you can see the outside ip address is 0.0.0.0 ..... my ISP automattically assigns ip addresses, so they are not static... What shall i do at this point?
Thanks for the support!!
pixfirewall# sh ip
System IP Addresses:
ip address outside 127.0.0.1 255.255.255.255
ip address inside 192.168.1.1 255.255.255.0
Current IP Addresses:
ip address outside 0.0.0.0 0.0.0.0
ip address inside 192.168.1.1 255.255.255.0
pixfirewall#
as you can see the outside ip address is 0.0.0.0 ..... my ISP automattically assigns ip addresses, so they are not static... What shall i do at this point?
Thanks for the support!!
I see that you are connecting with a cable modem... Unplug the cable modem and the pix. (Remove power sources.)
Remove the network cable that connects the pix to the modem.
Wait 1 or 2 minutes and then plug the modem in. Once the modem goes online (look at the status lights), plug the network cable in and power up the pix. Your cable modem 'remembers' the last MAC interface that was connected to it. This is probably your computers interface. The modem won't talk to anything else until you reset it by removing power.
Once the pix initializes, access it and do a 'show ip' to see if this worked.
--
Ed McLaughlin, MCP
Senior Software Engineer
Remove the network cable that connects the pix to the modem.
Wait 1 or 2 minutes and then plug the modem in. Once the modem goes online (look at the status lights), plug the network cable in and power up the pix. Your cable modem 'remembers' the last MAC interface that was connected to it. This is probably your computers interface. The modem won't talk to anything else until you reset it by removing power.
Once the pix initializes, access it and do a 'show ip' to see if this worked.
--
Ed McLaughlin, MCP
Senior Software Engineer
HI.
And if the previous suggestion didn't help, you can also try to use auto negotiation for the outside interface:
interface ethernet0 auto
Bye
Yizhar Hurwitz
And if the previous suggestion didn't help, you can also try to use auto negotiation for the outside interface:
interface ethernet0 auto
Bye
Yizhar Hurwitz
- Thread starter
- #13
franksoprano
Technical User
"Its Not Always The Rocket Science" Sometimes in life its the simplest things that get us.... That WORKED!! I appreciate your help with my problem!!
- Status
Similar threads
- Locked
- Question
- Locked
- Question