PIX 515e Install

r.lent
Level 1

I am in the process of installing a PIX 515e to an ADSL router. I have all the IP addresses for the router etc. I am trying to connect this to a network on the internal interface of the PIX. (Please bear with me as I am new to firewalls!!)

I can ping the firewall from the network but I cannot get any access to the internet. The initial setup documentation for the PIX implies that by default there is access out from the firewall but none in! I am obviously missing something here, i.e. telling the network to route internet requests through the firewall!!! ???

Sorry to be so simplistic but I am learning all the time!

Thanks for any help.

Robin


Steve,

Progress at last!!

I can now ping external sites from my workstation, Microsoft, our own web site at Pipex, but not get to them from the browser.

I did get an error message on the first access-list command. It said that the address and mask were an unmatched pair!! These are the IP address given me by the ISP so I can not use any other.

The browser returns the usual DNS error. As I can ping the sites I assume that this is to do with the internal DNS server! Do I need to use the DNS IP address given me by the ISP anywhere?? On the PIX maybe?

Thanks for all your help.

Robin.

Have your DHCP server hand out the ISP DNS server IP or your internal DNS server IP to your users (see which works - would be best if your users point to your internal DNS server and your DNS server goes to the ISP DNS server). Check a user's PC to make sure they have a DNS server IP (from DOS prompt: ipconfig /all) and that they can do nslookups. At this point it is probably only a DNS issue.

I am not suggesting to do this now but your PIX can be a DHCP server as well, just thought I would point it out to you.

If that DNS doesn't work I would remove "global (outside) 1 62.190.xxx.xxx-62.190.xxx.xxx netmask 255.255.255.248" and only use "global (outside) 1 interface". If you do this also remove "access-list 101 permit icmp any 62.190.x.x 255.255.255.248 echo-reply". But that is up to you, I prefer using 1 public IP for users going to the internet. Keep your other public IPs in reserve in case you need to allow access from the outside into your network (need static command and a public IP) or for other important things.

Hope it helps.

Steve

Steve,

Many, many thanks.

I found the root of the DNS problem. This is now configured to forward requests to the ISP DNS servers and I can get out to the internet from the network.

I am sure I would not have got here without your help.

Thanks Again,

Robin.
