Cisco Support Community
Community Member

Help with PIX 501 firewall inside Netopia 3546 DSL modem

Hi,

I've followed every bit of instruction I can find but my network is still failing. The evidence suggests that internal computers are unable to find a DNS server.

My configuration is suspect however. The PIX internal interface is set as a DHCP server for 192.168.1.X. The outside interface is set to static IP with our assigned IP address.

The Netopia 3546 is set up as a bridge with DHCP server and NAT turned off. However, the Netopia has address 192.168.1.254 and is OUTSIDE the firewall, so clearly that is a problem.

I'd really appreciate help on how to configure these two boxes.

Thanks,

Blake

4 REPLIES
Community Member

Re: Help with PIX 501 firewall inside Netopia 3546 DSL modem

I think that a DHCP relay agent is needed to relay the DHCP traffic.

Cisco Employee

Re: Help with PIX 501 firewall inside Netopia 3546 DSL modem

Hi,

Are the inside hosts able to ping resources on the internet? If yes then you might want to configure the DNS server as 4.2.2.2 in the DHCP configuration of the PIX.

HTH,

Please rate if it helps.

Regards,

Kamal

Green

Re: Help with PIX 501 firewall inside Netopia 3546 DSL modem

Is this an ISP-supplied router? The address of the router should be in the same subnet as your outside firewall. Is this PPPoE?

Cisco Employee

Re: Help with PIX 501 firewall inside Netopia 3546 DSL modem

Do the following tests and put in the results:

1. From the PIX's console/telnet session, ping 4.2.2.2 and see if we have a response or not.

2. If we have a response, the PIX is on the internet.

3. Otherwise, check this on the PIX.

1) There should be a valid public IP address on the outside interface of the PIX.

2) There should be a d.g specified.

You can check that with the

"sh route" command.

Let's say you have d.g 1.1.1.1

then,

you need to add this command:

route outside 0 0 1.1.1.1

4. If we have a route, and you are still not able to ping the d.g or 4.2.2.2, there's an issue with the Netopia.

5. If we have a positive response from 4.2.2.2, the PIX is on the internet and we need to make sure that we have the correct settings on the PIX so that internal hosts can access the internet.

CHECK THESE AGAIN:

These commands should be in the PIX:

nat (inside) 1 0 0

global (outside) 1 interface

On the host machine behind the PIX:

ipconfig /all

This should give you a DHCP IP address, d.g and DNS servers.

In the command prompt:

>nslookup

>www.yahoo.com

>you should get an ip address here.

If you do not, there is an issue with DNS. Please specify 4.2.2.2 and 4.2.2.3 as primary and secondary DNS servers in the dhcpd settings of the PIX and you should be all set.

As far as the Netopia is concerned, I haven't got the expertise with that.

Hope this helps!!

Sushil

Cisco TAC.
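
The checks listed in the replies above, together with the address overlap described in the original question, can be run against a saved PIX configuration. This is an added example, not code from any poster in this thread; it assumes PIX 6.x command syntax, and the `audit` function, the sample configuration and its 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax; the addresses are placeholders, not from the thread.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
"""

def _iface_net(config, name):
    """Network of a statically addressed interface, or None if not static."""
    m = re.search(rf"^ip address {name} ([\d.]+) ([\d.]+)", config, re.M)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network if m else None

def audit(config, modem_ip=None):
    """Return a list of findings for the checks listed in the thread."""
    findings = []
    inside, outside = _iface_net(config, "inside"), _iface_net(config, "outside")
    if outside is None:
        findings.append("no static IP address on the outside interface")
    if not re.search(r"^route outside (0|0\.0\.0\.0) (0|0\.0\.0\.0) \S+", config, re.M):
        findings.append("no default route (route outside 0 0 <gateway>)")
    # A PAT setup needs the same non-zero NAT id on both statements.
    nat_ids = set(re.findall(r"^nat \(inside\) (\d+) ", config, re.M))
    global_ids = set(re.findall(r"^global \(outside\) (\d+) ", config, re.M))
    if not (nat_ids - {"0"}) & global_ids:
        findings.append("no matching nat (inside) / global (outside) pair")
    if re.search(r"^dhcpd enable inside", config, re.M) and \
            not re.search(r"^dhcpd dns \S+", config, re.M):
        findings.append("dhcpd hands out no DNS servers (dhcpd dns missing)")
    if inside and outside and inside.overlaps(outside):
        findings.append("inside and outside subnets overlap")
    # The modem sits outside the firewall, so it must not use an inside address.
    if inside and modem_ip and ipaddress.ip_address(modem_ip) in inside:
        findings.append(f"modem {modem_ip} sits in the inside subnet {inside}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, modem_ip="192.168.1.254"):
        print("FINDING:", finding)
```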
