Re: Help configuring PIX 501

sparkyjp483 · ‎01-18-2006

Hi,

Please can someone help me. I'm really new to this so it might sound trivial you all.

We have just purchased a PIX 501 firewall and I'm trying to access the CLI I type telnet 192.168.1.1 (internal IP of 501) and it denys me access. Am I doing thiw wrong? please can someone advise.

Also:

I want to stop the firewall responding to pings on the outside interface. I have read documentation which stated to add the following line to the config file:

icmp deny any outside

However I have since read that you should allow "unreachable message 3 otherwise ipsec stops working please can someone tell me how to do this?

Also how to I find out what the IP address is on the external interface.

Forgive my basic questions. i work in a small office and have never had to do anything like this before!

jackko · ‎01-18-2006

by default telnet is not permitted. to configure, you need to console into the pix and do "telnet inside"

not too sure why ipsec would stop working without pinging. perhaps, you may post the article.

in order to find out ip, do "sh ip" on the pix.

d-roush · ‎01-19-2006

connect using a console cable and hyperterminal from your desktop/laptop.

You will need to enable telnet from the inside network.

config t

telnet 192.168.1.0 255.255.255.0 inside

This allows any host on the 192.168.1.0/24 network to access the firewall via telnet.

To allow icmp unreachables use an access list:

access-list 101 permit icmp any any unreachable

access-group 101 in interace outside

To find the outside ip address do a "sh int".

By default the pix501 will be setup to use dhcp on the outside interface.

Here is a link to the command reference.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html

sparkyjp483 · ‎01-19-2006

hi thank you both very much for your help. I will give it a go.