pix 501 setup issues

Unanswered Question
Dec 29th, 2006

I have a new 501 running 6.3(5) with a 10 user license. I have a network of 25 computers running local applications; we only need internet access through the firewall for 8 of the workstations. The setup is internet-DSL modem-PIX-switch. I have it up and connected, but I have issues:

1. Hosts that are not going to the internet are hitting the PIX and apparently taking up license slots -- if these hosts have their default gateway removed or altered, will this fix the problem?
2. One host simply can't access webpages although I can ping from it to the 'net. This machine works fine with my old firewall; I can't come up with theories why this is happening (the show local-host says I have available spots..)
3. The show local-host printout says I only have 8 maximum active connections, shouldn't that say 10?

TIA


One way to limit the hosts that can access the Internet is to statically assign addresses to the permitted hosts in a permitted NAT range, and set up DHCP for everyone else outside of the permitted NAT range.


I've also had issues with Internet access to some sites due to the default behavior of the DNS check. It kills all DNS packets longer than 512 bytes (and some DNS clients use larger request packets).


Try resetting the DNS inspect maximum-length to 1500 bytes. It worked for me...
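The two suggestions in the reply above, written out in PIX 6.3 configuration syntax as an added example (not from either poster). The 192.168.1.0/24 inside network, the address blocks and the DHCP pool are constructed for illustration, and the example assumes the existing configuration still has the catch-all `nat (inside) 1 0.0.0.0 0.0.0.0` statement; lines starting with `:` are annotations.

```cisco
: --- Restrict NAT to the 8 workstations that need Internet access ---
: Constructed addressing: inside network 192.168.1.0/24.
: The 8 permitted workstations are statically addressed 192.168.1.8 - 192.168.1.15,
: which is exactly the block matched by 192.168.1.8 255.255.255.248.

: Remove the catch-all rule that translates every inside host (assumed present)
no nat (inside) 1 0.0.0.0 0.0.0.0

: Translate only the permitted block, using PAT on the outside interface address
nat (inside) 1 192.168.1.8 255.255.255.248
global (outside) 1 interface

: --- DHCP for everyone else, outside the permitted NAT range ---
dhcpd address 192.168.1.100-192.168.1.119 inside
dhcpd enable inside

: --- Raise the DNS fixup length limit from the 512-byte default ---
fixup protocol dns maximum-length 1500

: --- Apply and verify ---
: Drop existing translations so the new nat rule takes effect
clear xlate
: Reset the tracked inside hosts, then check which hosts are counted
clear local-host
show local-host
: Confirm the fixup and nat statements now in the running configuration
show fixup
show nat
```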
