12-15-2005 04:39 AM - edited 02-21-2020 12:35 AM
Hello everybody. I need help
I have taken connection from ISP the ISP provided us VERILINK router our internet is working fine.
I have purchased Pix firewall i would like to use PIX firewall on my network. Can anyone provide me the configuration to connect to the internet.
Please note: PPPoe authentication is not required for this network. Because the cable is directly comming from the ISP. My current location is Australia.
Please reply asap.
Thanks
12-15-2005 04:54 AM
Hi
Which PIX F/W model you have got for your network over there ?
Are you gonna directly connect the link from SP and assign a static ip to the PIX outside interface ??
i would suggest to refer these links to get started...
http://cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
regds
12-15-2005 05:04 AM
Cable directly comming from the ISP
Pix version: 6.3(4)
====================================================
Currently Using the below config but not connecting to the internet
====================================================
vpdn group VPN accept dialin pptp
vpdn group VPN ppp authentication mschap
vpdn group VPN ppp encryption mppe 40
vpdn group VPN client configuration address local VPNPool
vpdn group VPN pptp echo 60
vpdn group VPN client authentication local
=====================================================
Any Suggestions
Thanks
12-15-2005 05:52 AM
hi
I m bit puzzled about the original post and the config pasted here.
you have got a PIX firewall connecting to the local ISP.
you have a local LAN behind that and you want to enable access to the internet for the local lan ?
is that the scenario u r tyring or planning to have out there ?
The configs posted here clearly tells that you trying to allow PPTP connections to ur PIX from the remote locations..is that the scneario you are trying out there ??
regds
12-15-2005 05:59 AM
I oplogise i posted the wrong command.
12-15-2005 04:55 PM
not sure what the issue is.
you mentioned the isp-link can be directly connected to the pix outside interface. so you can issue the command "ip address outside x.x.x.x 255.255.255.x" etc.
if further assistance is needed, please post the entire config with public ip masked.
12-16-2005 02:28 AM
Firstly thanks for helping.
I have tried it didnt work.
I have spoken to ISP they have provided following information.
1. 2 public IP (1 Public IP is for ISP router-61.29.12.xx and another public IP is for PIX-61.29.30.xx default gateway 61.29.30.xxx)
2. The ISP also asking to configure default gateway in PIX
====================================================
Here is the current config
====================================================
PIX Version 6.3(4)
interface ethernet0 auto shutdown
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxxx
hostname rafay
domain-name wasay
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 61.29.3x.xx 255.255.255.252
ip address inside 192.168.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 61.29.12.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.2.254 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:xxxx
: end
rafay(config)#
====================================================
I am not connecting to the internet via PIX
12-27-2005 11:11 AM
Are you still having issues? To clarify you have the following setup?
ISP Router
61.29.12.xx
Want to ADD PIX
LAN (current working internet usage) without PIX
How is the PIX connected to ISP router?
How is the LAN connected to the PIX?
What Default Gateway/Proxy server address are you using?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: