Cisco Support Community
New Member

Connecting internet via PIX

Hello everybody. I need help.

I have taken a connection from an ISP. The ISP provided us a VERILINK router, and our internet is working fine.

I have purchased a PIX firewall and I would like to use the PIX firewall on my network. Can anyone provide me the configuration to connect to the internet?

Please note: PPPoE authentication is not required for this network, because the cable is coming directly from the ISP. My current location is Australia.

Please reply asap.

Thanks

10 REPLIES
Gold

Re: Connecting internet via PIX

Abdul,

Firstly, you don’t mention what sort of network topology you have or which PIX model or even what sort of service you want, i.e. do you require SMTP access etc. But to access the internet via the PIX is very simple. As long as you have a public IP assigned to the outside interface of the PIX and a private IP assigned to the inside interface of the PIX and have a default route pointing to the IP address of the ISP router you should be good to go. The PIX by default allows all outbound connections from the inside network.

Ex:

ip address outside

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0

Also, if your PIX is either a 501 or 506 and you are not going to use it for DHCP then you can clear DHCP activity from the device by issuing: (in config mode)

clear dhcpd

save with: write mem

Good luck and let me know how you get on.

Jay

New Member

Re: Connecting internet via PIX

Thanks, it's connected.

When I type sh route it shows OUTSIDE Connect STATIC.

But I am unable to browse the internet. Here is the current setup.

1. From router STRAIGHT CABLE GOING INTO OUTSIDE INTERFACE OF PIX.

2. And from PIX inside interface crossover cable going into Netgear 8 port switch (currently switch mode is on NORMAL, not on UPLINK).

3. Then from switch STRAIGHT cable going into the PC.

Please note I have cleared DHCPD from the PIX.

Can you please help me get on the internet?

Thanks

Gold

Re: Connecting internet via PIX

Try using a STRAIGHT cable from the PIX inside intf to the switch.

New Member

Re: Connecting internet via PIX

I did, but still the same problem.

Gold

Re: Connecting internet via PIX

OK, couple of questions…

Have you got appropriate DNS server IP addresses set up on your internal PCs? If you open up a command prompt on one of your internal PCs and type:

nslookup

set q=mx

cisco.com

Does it resolve name to IP for cisco.com ?

Can you post your PIX config (take out any sensitive info)?

Let me know.

New Member

Re: Connecting internet via PIX

PIX Version 6.3(4)

interface ethernet0 100full

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password uMFDHhXfNSC44v/R encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname rafay

domain-name wasay.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 61.29.xxx.xx 255.255.255.0

ip address inside 192.168.2.254 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

no failover ip address outside

no failover ip address inside

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 192.168.2.0 255.255.255.0 0 0

conduit permit icmp any any unreachable

route outside 0.0.0.0 0.0.0.0 61.29.xxx.xxx 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 0.0.0.0 0.0.0.0 outside

http 192.168.2.2 255.255.255.255 inside

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.2.30-192.168.2.250 inside

dhcpd dns 203.138.xxx.xxx 202.138.xxx.xxx

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

terminal width 80

Cryptochecksum:2a86c0113810d40644972d8e7109abad

New Member

Re: Connecting internet via PIX

>

C:\Documents and Settings\pc8>nslookup

DNS request timed out.

timeout was 2 seconds.

*** Can't find server name for address 203.138.194.AA: Timed out

DNS request timed out.

timeout was 2 seconds.

*** Can't find server name for address 202.138.198.BB: Timed out

*** Default servers are not available

Default Server: UnKnown

Address: 203.138.194.BB

> set q=mx

> cisco.com

Server: UnKnown

Address: 203.138.194.AA

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

*** Request to UnKnown timed-out

>

Gold

Re: Connecting internet via PIX

Let’s do a little tidying up of your config:

Can you change this: (in config mode)

nat (inside) 1 192.168.2.0 255.255.255.0 0 0

to

nat (inside) 1 0 0

Take out: nat (inside) 0 access-list 101 – I cannot see why you have this in your config as it does not correlate to any ACLs.

Take out the conduit for ICMP too.

Make sure to issue : clear xlate and save with: write mem

Also, have you got the correct DNS IP addresses from your ISP?

So, your setup on the PIX should now look like this:

ip address outside 61.29.xxx.xx 255.255.255.0

ip address inside 192.168.2.254 255.255.255.0

global (outside) 1 interface

nat (inside) 1 0 0

route outside 0.0.0.0 0.0.0.0 61.29.xxx.xxx 1

Hope this helps and let me know how you get on.

New Member

Re: Connecting internet via PIX

Firstly, thanks for helping.

I have tried it; it didn't work.

I have spoken to the ISP; they have provided the following information.

1. 2 public IPs (1 public IP is for the ISP router, 61.29.12.xx, and another public IP is for the PIX, 61.29.30.xx, default gateway 61.29.30.xxx)

2. The ISP is also asking to configure the default gateway in the PIX.

====================================================

Here is the current config

====================================================

PIX Version 6.3(4)

interface ethernet0 auto shutdown

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname rafay

domain-name wasay

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 61.29.3x.xx 255.255.255.252

ip address inside 192.168.2.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 61.29.12.xx 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.2.254 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:8ede417ccbf202d3152d3af4d1bb3b76

: end

rafay(config)#

====================================================

I am not connecting to the internet via PIX

Gold

Re: Connecting internet via PIX

2 public IP (1 Public IP is for ISP router-61.29.12.xx and another public IP is for PIX-61.29.30.xx default gateway 61.29.30.xxx)

www <-- 61.29.12.xx --> router <-- 61.29.30.xx --> <-- 61.29.30.xx> pix <-- 192.168.2.1 --> inside net

So, I guess the default gateway is 61.29.30.xx, not 61.29.12.xx.
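
The faults this thread turns on can be checked mechanically. The following is an added example, not part of the original posts and not a Cisco tool: a Python audit over PIX 6.3-style config text that flags a default gateway outside the outside interface's subnet and a nat 0 access-list with no matching ACL, and goes further to flag two lines visible in the posted configs (an interface left in shutdown, and http management permitted from any address on the outside). The sample config and its documentation-range addresses are constructed, standing in for the masked values.

```python
import ipaddress
import re

# Constructed sample in PIX 6.3 syntax. Addresses are documentation ranges
# (assumption), standing in for the masked values in the thread.
SAMPLE = """\
interface ethernet0 auto shutdown
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 198.51.100.2 255.255.255.252
ip address inside 192.168.2.1 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
http 0.0.0.0 0.0.0.0 outside
"""

def audit(config):
    """Return a list of finding strings for a PIX 6.3-style config."""
    findings = []
    # Hardware name -> interface name, e.g. ethernet0 -> outside
    nameif = dict(re.findall(r"^nameif (\S+) (\S+) ", config, re.M))
    # Interface name -> connected subnet, from the "ip address" lines
    nets = {}
    for name, ip, mask in re.findall(r"^ip address (\S+) (\S+) (\S+)$", config, re.M):
        nets[name] = ipaddress.ip_interface(f"{ip}/{mask}").network
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    for line in filter(None, (l.strip() for l in config.splitlines())):
        w = line.split()
        if w[0] == "interface" and w[-1] == "shutdown":
            findings.append(f"{nameif.get(w[1], w[1])}: interface is shut down")
        elif w[0] == "route" and w[2:4] == ["0.0.0.0", "0.0.0.0"]:
            hop = ipaddress.ip_address(w[4])  # next hop must be directly connected
            if w[1] in nets and hop not in nets[w[1]]:
                findings.append(f"{w[1]}: default gateway {hop} not in {nets[w[1]]}")
        elif w[0] == "nat" and "access-list" in w:
            acl = w[w.index("access-list") + 1]
            if acl not in acls:
                findings.append(f"nat 0 references undefined access-list {acl}")
        elif w[0] == "http" and w[1:] == ["0.0.0.0", "0.0.0.0", "outside"]:
            findings.append("outside: device management (http) open to any source")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
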
