Help with PIX 501 firewall inside Netopia 3546 DSL modem

Unanswered Question
Feb 28th, 2007

Hi,

I've followed every bit of instruction I can find but my network is still failing. The evidence suggests that internal computers are unable to find a DNS server.

My configuration is suspect however. The PIX internal interface is set as a DHCP server for 192.168.1.X. The outside interface is set to static IP with our assigned IP address.

The Netopia 3546 is set up as a bridge with DHCP server and NAT turned off. However, the Netopia has address 192.168.1.254 and is OUTSIDE the firewall, so clearly that is a problem.

I'd really appreciate help on how to configure these two boxes.

Thanks,

Blake

bwalchez Tue, 03/06/2007 - 12:15

I think that a DHCP relay agent is needed to relay the DHCP traffic.

Kamal Malhotra Tue, 03/06/2007 - 12:27

Hi,

Are the inside hosts able to ping resources on the internet? If yes then you might want to configure the DNS server as 4.2.2.2 in the DHCP configuration of the PIX.

HTH,

Please rate if it helps.

Regards,

Kamal

acomiskey Tue, 03/06/2007 - 12:31

Is this an ISP-supplied router? The address of the router should be in the same subnet as your outside firewall. Is this PPPoE?

suschoud Tue, 03/06/2007 - 13:05

Do the following tests and put in the results:

1. From the PIX's console/telnet session, ping 4.2.2.2 and see if we have a response or not.

2. If we have a response, the PIX is on the internet.

3. Otherwise, check this on the PIX.

1)). There should be a valid public IP address on the outside interface of the PIX.

2)). There should be a d.g specified.

You can check that with the "sh route" command.

Let's say you have d.g 1.1.1.1

Then,

you need to add this command:

route outside 0 0 1.1.1.1

4. If we have a route, and you are still not able to ping the d.g or 4.2.2.2, there's an issue with the Netopia.

5. If we have a positive response from 4.2.2.2, the PIX is on the internet and we need to make sure that we have the correct settings on the PIX so that internal hosts can access the internet.

CHECK THESE AGAIN:

These commands should be in the PIX:

nat (inside) 1 0 0

global (outside) 1 interface

On the host machine behind the PIX:

ipconfig /all

This should give you a DHCP IP address, d.g and DNS servers.

In the command prompt:

>nslookup

>www.yahoo.com

>you should get an ip address here.

If you do not, there is an issue with DNS. Please specify 4.2.2.2 and 4.2.2.3 as primary and secondary DNS servers in the dhcpd settings of the PIX and you should be all set.

As far as the Netopia is concerned, I haven't got the expertise with that.

Hope this helps!!

Sushil

Cisco TAC.
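
The checks raised across this thread (a default route, a gateway that sits in the outside subnet, the nat/global pair, DNS servers handed out by dhcpd) can be run in one pass over a saved PIX configuration. The Python below is an added example, not part of any post in the thread; the sample configuration, its 203.0.113.x addresses and the function name audit_pix_config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x running-config style; the addresses are
# documentation placeholders, not values taken from the thread.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.1.254 1
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
"""

ANY = r"(?:0|0\.0\.0\.0)"  # PIX accepts 0 as shorthand for 0.0.0.0


def audit_pix_config(text):
    """Return a list of findings for the checks discussed in the thread."""
    findings, nets = [], {}
    # Only static 'ip address <if> <ip> <mask>' lines are parsed here.
    for name, ip, mask in re.findall(r"^ip address (\S+) ([\d.]+) ([\d.]+)$", text, re.M):
        nets[name] = ipaddress.ip_interface(f"{ip}/{mask}").network
    outside, inside = nets.get("outside"), nets.get("inside")
    if outside is None:
        findings.append("no static IP address on the outside interface")
    route = re.search(rf"^route outside {ANY} {ANY} (\S+)", text, re.M)
    if not route:
        findings.append("no default route on outside")
    else:
        gw = ipaddress.ip_address(route.group(1))
        if outside is not None and gw not in outside:
            findings.append(f"default gateway {gw} is not in outside subnet {outside}")
        if inside is not None and gw in inside:
            findings.append(f"default gateway {gw} overlaps inside subnet {inside}")
    if not re.search(rf"^nat \(inside\) 1 {ANY} {ANY}", text, re.M):
        findings.append("missing 'nat (inside) 1 0 0'")
    if not re.search(r"^global \(outside\) 1 interface", text, re.M):
        findings.append("missing 'global (outside) 1 interface'")
    if not re.search(r"^dhcpd dns \S+", text, re.M):
        findings.append("no 'dhcpd dns' line: DHCP clients receive no DNS server")
    return findings


if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The sample deliberately points the default route at an address inside the 192.168.1.x range and omits dhcpd dns, so it reports the addressing overlap described in the original question and the missing DNS setting.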
