Pix Firewall 6.3.4 Setup


kam72

IS-IT--Management
Jul 23, 2005
97
AU
Hi Everybody

I have a PIX firewall which I want to connect to my PC.

I am unable to access the PDM Setup Wizard. My current setup is:

1. Netgear ADSL modem connected to PC through USB.
2. PIX firewall is connected to Netgear through X-over cable.
3. PC is connected to PIX firewall switched inside port through Ethernet cable.
4. PIX firewall is connected to wall socket.
=========================================================
When I type I am unable to enter the PDM startup page.

When I type I am able to connect to the Netgear startup page.
==========================================================
Can anyone let me know how the PIX firewall works with the Netgear ADSL modem?

Thanks
 
Why is the ADSL modem connected to the USB port? Are you not trying to get the firewall between your PC and the internet? Also, 192.168.1.0 is not a valid address. Have you configured the PIX at all? By default it also uses 192.168.0.1, as your Netgear does, and it also has a DHCP server enabled.

Network Systems Engineer
CCNA/CQS/CCSP/Infosec
Check the Danish Cisco CSA Forum here:
 
Hi kam72,

I have just configured my first PIX this week with some great advice from some of the members on this site, so I am going to pass on the goodwill.

The PDM software is great for monitoring the firewall but I found it really tricky to configure it. I would really recommend that you use the IOS - Command Line Interface, using the blue console cable.

But back to the config... First, some questions:
- Has the Netgear ADSL modem got a public IP address (static) configured?
- What's the make and model of the Netgear?
- Is the PIX going to be attached to your network or just one PC (home user)?

If you really want to use the PDM:
- Have you got Java installed on the PC that you are trying to configure it from? You will need it to use PDM (check in Internet Explorer by: Tools, Internet Options, Advanced, then scroll down to see if you have Java enabled).
- Connect your crossover cable into your PC network card and into the inside port/Ethernet 1.
- Assign your PC a temporary IP address of 192.168.1.10 255.255.0.0 (this will definitely make sure you can communicate).

That should work!



 
dopehead is correct.

The PIX Factory Default IP address and path for PDM is
If you are trying to config the PIX on a different network than 192.16.1.0 you will have to add the following commands using the IOS

(in enabled, and config t)

no http 192.168.1.1 255.255.255.0 inside
http [Your network Address] [your subnet mask] inside
Write memory
 
Hi Everybody
Firstly, thanks to everybody for helping me.
As per your instructions I have configured it through the console cable, but I am unable to connect to the internet. Can you please check the config file below?
==========================================================
melbourne(config)# sh config
: Saved
: Written by enable_15 at 04:57:34.257 UTC Wed Aug 24 2005
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname melbourne
domain-name lexiainfotech.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit tcp any 192.168.0.0 255.255.255.0 eq www
access-list 101 permit tcp any 192.168.0.0 255.255.255.0 eq ftp
access-list 101 permit icmp any 192.168.0.0 255.255.255.0
access-list 101 permit ip any any
access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list location2 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
nat (inside) 0 access-list 102
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group 101 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.0.1 255.255.255.255 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
crypto ipsec transform-set pix esp-des
crypto map location2 10 ipsec-isakmp
crypto map location2 10 match address location2
crypto map location2 10 set peer 61.17.252.xxx
crypto map location2 10 set transform-set pix
crypto map location2 interface outside
isakmp enable outside
isakmp key ******** address 61.17.252.xxx netmask 255.0.0.0
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:e2b946b5cf3f2716a1fc6620c54f1fd0
===========================================================
 
You're going to need a global (outside) 1 interface.
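
Added example, not part of the original thread: a small Python check that reads PIX 6.x configuration text and reports a nat statement whose ID has no matching global statement (the problem the last reply points at), along with the settings in the posted config that a security review would question. The function name audit_pix_config and the finding labels are made up for this example; the sample input is a constructed subset of the lines posted above.

```python
import re

# Constructed sample: a subset of the lines from the config posted in the thread.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list 101 permit tcp any 192.168.0.0 255.255.255.0 eq www
access-list 101 permit ip any any
access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 102
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
access-group 101 in interface outside
snmp-server community public
crypto ipsec transform-set pix esp-des
isakmp policy 10 encryption des
isakmp policy 10 group 1
"""

def audit_pix_config(text):
    """Return (label, detail) findings; the labels are hypothetical names."""
    findings = []
    nat_ids, global_ids, outside_acls, any_any = {}, set(), set(), set()
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"nat \((\S+)\) (\d+)\s", line):
            nat_ids[m.group(2)] = m.group(1)
        elif m := re.match(r"global \(\S+\) (\d+)\s", line):
            global_ids.add(m.group(1))
        elif m := re.match(r"access-group (\S+) in interface outside$", line):
            outside_acls.add(m.group(1))
        elif m := re.match(r"access-list (\S+) permit ip any any$", line):
            any_any.add(m.group(1))
        elif line == "snmp-server community public":
            findings.append(("snmp-default-community", line))
        elif re.search(r"\b(esp-des|encryption des)\b", line):
            findings.append(("single-des", line))
        elif re.match(r"isakmp policy \d+ group 1$", line):
            findings.append(("dh-group-1", line))
    # nat ID 0 means "do not translate"; every other ID needs a global with the same ID.
    for nat_id, ifc in sorted(nat_ids.items()):
        if nat_id != "0" and nat_id not in global_ids:
            findings.append(("nat-without-global", f"nat ({ifc}) {nat_id}"))
    # An ACL bound inbound on outside that contains permit ip any any filters nothing.
    for acl in sorted(outside_acls & any_any):
        findings.append(("permit-any-inbound", f"access-list {acl} on outside"))
    return findings
```

Appending the line "global (outside) 1 interface" to the input clears the nat-without-global finding; the other findings are independent of it.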
 