PIX 501 and Internet Access Issue

otnj2ee · ‎04-02-2007

My network is very simple, like this: A DSL Modem is connected to a Cisco PIX 501 firewall/router, and a computer is connected to this firewall.

Now this PIX 501 box has two interfaces: Inside (192.168.1.1) and the netwroked PC (192.168.1.2). The outside interface is set to DHCP to be dynamically assigned an IP by the ISP's DNS server (192.168.0.1).

My networked PC (running Windows XP) is configured with an static IP (192.168.1.2), default Gateway (192.168.1.1 which is the PIX 501), and the DNS IP (192.168.0.1 which is the ISP's DNS Server).

But I can NOT access the internet. I can Ping 192.168.1.1 (the inside interface) but not the outside (192.168.0.1).

What am I missing and what should I do?

****************

Please note:

I attached a file which shows the current PIX config. Please refer to the attachment below.

******************

Thanks

Scott

rajbhatt · ‎04-03-2007

Hi Scott,

You will not be able to ping the pix outside interface from the PC as a rule.

Try this :

config #ip address outside dhcp setroute

config#cl xl

Now check from the pix if u are able to ping the gateway and internet from the pix .

Check out this link :

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/pixclnt.htm#wp1031781

Raj

otnj2ee · ‎04-03-2007

Thanks for the info. I am not at the PIX at this moment, but I'll try it later.

Just by going through the link reference:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/pixclnt.htm#wp1031781

I generated some questions:

1) The document says:"Use of the DHCP client feature to acquire an IP address from a generic DHCP server is not supported."

--What does it mean by generic DHCP server? If I am using the Yahoo/AT&T as my ISP, is this a generic DHCP server?

2)The document says:

"Use the global command with the interface keyword to enable PAT to use the DHCP-acquired IP address of outside interface"

--In my current config, there has already been a statement:

global (outside) 1 interface

--Do I still need to do what the docment says? If so, what should be the statement?

3)The document syas:

"Do not configure the PIX Firewall with a default route when using the setroute argument of the ip address dhcp command"

ip address outside dhcp [setroute]

--In my case, should or should not I use the [setroute]?

--How can I find out if my PIX fiewall has been configured with a default route?

Thanks

Scott

rajbhatt · ‎04-03-2007

Hi Scott,

I am not sure what a generic dhcp server means ur isp will be able to guide u better here .

Secondly U need to use

glo (outside ) 1 interface as the patted address.

Thirdly in the config I do not see a default route .

So the command u would use is

ip address outside dhcp setroute

And to check the routes u need to add :

sh route .

It will show the defualt route aquired by the firewall through dhcp

Raj

LEACHMIKE · ‎04-04-2007

If your outside interface is set for DHCP, then your address will come from the DSL modem. Check that DHCP is enabled on the DSL modem. I have the same setup as you and it is the DSL device that you should check