Help with PIX 501 firewall inside Netopia 3546 DSL modem

blakeroo1
Level 1

Hi,

I've followed every bit of instruction I can find but my network is still failing. The evidence suggests that internal computers are unable to find a DNS server.

My configuration is suspect however. The PIX internal interface is set as a DHCP server for 192.168.1.X. The outside interface is set to static IP with our assigned IP address.

The Netopia 3546 is set up as a bridge with DHCP server and NAT turned off. However, the Netopia has address 192.168.1.254 and is OUTSIDE the firewall, so clearly that is a problem.

I'd really appreciate help on how to configure these two boxes.

Thanks,

Blake

4 Replies

bwalchez
Level 4

I think that a DHCP relay agent must be needed to relay the DHCP traffic.

Kamal Malhotra
Cisco Employee

Hi,

Are the inside hosts able to ping resources on the internet? If yes then you might want to configure the DNS server as 4.2.2.2 in the DHCP configuration of the PIX.

HTH,

Please rate if it helps.

Regards,

Kamal

acomiskey
Level 10

Is this an ISP-supplied router? The address of the router should be in the same subnet as your outside firewall. Is this PPPoE?

Do the following tests and put in the results:

1. From the PIX's console/telnet session, ping 4.2.2.2 and see if we have a response or not.

2. If we have a response, the PIX is on the internet.

3. Otherwise, check this on the PIX.

1)). There should be a valid public IP address on the outside interface of the PIX.

2)). There should be a d.g specified.

You can check that by the "sh route" command.

Let's say you have d.g 1.1.1.1

Then you need to add this command:

route outside 0 0 1.1.1.1

4. If we have a route and you are still not able to ping the d.g or 4.2.2.2, there's an issue with the Netopia.

5. If we have a positive response from 4.2.2.2, the PIX is on the internet and we need to make sure that we have correct settings on the PIX so that internal hosts can access the internet.

CHECK THESE AGAIN:

These commands should be in the PIX:

nat (inside) 1 0 0

global (outside) 1 interface

On the host machine behind the PIX:

ipconfig /all

This should give you a DHCP IP address, d.g and DNS servers.

In the command prompt:

>nslookup

>www.yahoo.com

>you should get an ip address here.

If you do not, there is an issue with DNS. Please specify 4.2.2.2 and 4.2.2.3 as primary and secondary DNS servers in the dhcpd settings of the PIX and you should be all set.

As far as the Netopia is concerned, I haven't got the expertise with that.

Hope this helps!!

Sushil

Cisco TAC.
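
The nslookup step from the replies above, as an added example that is not part of the original thread: it sends an A-record query straight to a named resolver (such as 4.2.2.2) from a host behind the PIX, so a DNS setting problem can be told apart from a routing or NAT problem. The function names and the query id are assumptions made for this sketch.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a DNS A-record query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def first_a_record(msg, qid=0x1234):
    """Return the first IPv4 address in a DNS response, or None."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        return None  # wrong id, not a response, or an error RCODE
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            return socket.inet_ntoa(msg[off:off + 4])
        off += rdlen  # e.g. a CNAME record ahead of the A record
    return None

def ask(server, name, timeout=3.0):
    """Query `server` directly on UDP/53; None on timeout or unusable reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return first_a_record(s.recv(512))
        except (OSError, struct.error, IndexError):
            return None

def diagnose(direct_ip, system_ip):
    if system_ip:
        return "name resolution works"
    if direct_ip:
        return "DNS servers handed out by DHCP are wrong; routing and NAT work"
    return "no reply from the resolver; check default route, NAT and the modem"
```

On a host behind the PIX, pass `ask("4.2.2.2", "www.yahoo.com")` as `direct_ip` and the result of `socket.gethostbyname("www.yahoo.com")` (which uses the DHCP-supplied servers and raises on failure) as `system_ip`.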
