Re: setting up pix

carl_townshend · ‎03-13-2006

Hi all, Im new to using pix but I have managed to source one at home, a pix 501, I have a dsl internet connection on my cisco soho router, Can anyone please tell me simple steps in setting this pix up for internet access ?, configs and what needs plugging where would be helpful.

Thanks a million

Carlos

Patrick Laidlaw · ‎03-13-2006

carlos,

If its a brand new pix 501 it should already have a default config that will allow you to plug it into a dsl or cable modem that is issueing DHCP. It then should allow you to connect a pc on the inside lease a DHCP address from the pix and allow you access out.

To make any more changes you can either use pdm or cli. I recommend PDM for anyone not confortable with CLI. If you post your cli config I can tell you if its setup with the default config or not. For more information go to cisco's learning connection:

http://cisco.customerelearning.com/CECLMS/lang-en/management/TAX_Search.asp?UserMode=0&NodeID=0&SelectedNodeID=0&VSC=TAX_CiscomView_All&VSO=A&SearchNodeId=0&OrCategory=&SearchStr=&AdvType=2&FindBy=1&Delivery+Type=&Method=&Language=&LearnPartner=&Care...

or go to the pix area and look at the documentation on the right side:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/

Patrick

jackko · ‎03-13-2006

the first question is whether you would prefer the public ip to be assigned on the router as before, or on the pix.

the pros to assign the public ip on the pix is that you will only need to play with a single device in the future, and you don't need to login to the soho for any change.; the cons is that a little bit more configuration needs to be completed.

personally, i would assign the public ip on the pix. it requires to re-configure the soho to run in bridging mode as opposed to the typical routing mode, and configure pppoe (optional) on the pix if required by the isp.

below are the sample codes for router running in bridging mode:

interface Ethernet0

no ip address

no ip route-cache

bridge-group 1

hold-queue 100 out

!

interface ATM0

no ip address

no ip route-cache

no atm ilmi-keepalive

pvc 8/35

encapsulation aal5snap

!

dsl operating-mode auto

bridge-group 1

!

ip classless

ip http server

!

bridge 1 protocol ieee

below are the sample codes for pix with pppoe:

ip address outside pppoe setroute

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

vpdn group pppoe_group request dialout pppoe

vpdn group pppoe_group localname

vpdn group pppoe_group ppp authentication chap

vpdn username password

carl_townshend · ‎03-13-2006

Thanks for being so Helpful, I have someone here who is a CCIE, he says you dont need to run the routers in bridging mode, my other question is if I put my isp WAN ip on the pix, what ip addresses would I give my router as I thought this is already pulling in the wan ip to the dialler interface ?

thanks

Carlos

jackko · ‎03-13-2006

this is exactly why it is needed to re-configure the router running in bridging mode, which has no ip address on any interface. thus the only way to connect to the router afterwards is console.

as mentioned in my previous post, this is not necessary. you may deploy the pix without any public ip.

e.g.

internet <--> (public ip) router (192.168.1.1) <--> (192.168.1.2) pix (192.168.100.1) <--> 192.168.100.0

however, you would need to play with both device for any future changes.

carl_townshend · ‎03-14-2006

Can you please post me an example config for the router outside then pix option ?

thanks

jackko · ‎03-14-2006

just wondering if you are referring to the one with router in bridging mode, and pix with pppoe. if so, they are already posted. please read my first post.

carl_townshend · ‎03-14-2006

do we have to use pppoe, My router is set up for pppoa !!

jackko · ‎03-14-2006

pppoa is over atm interface; whereas pppoe is over ethernet. pix has no atm interface, thus it supports only pppoe.

these days both pppoe and pppoa should be supported at the isp end, at least in australia.

carl_townshend · ‎03-14-2006

but the dsl is still connected from my atm0 on my router which is set up with pppoa, does this need to be taken off ?

jackko · ‎03-14-2006

please excuse me for not being able to explain the concept well.

dsl is still connected to the router atm interface, and that is exactly why the router needs to be re-configured in running bridging mode.

carl_townshend · ‎03-15-2006

Hi Jackko

thx for the reply, will i still be using pppoa on my dsl interface and will this still bring up the connection via a dialler and access list ?