I have a PIX 501. I have included the config below (as you can see, it's pretty much out of the box).
I also have an ADSL line from an ISP. The ISP supplied a Zoom X3 Ethernet modem. When the DSL line is connected to a PC it uses PPP half bridge and the NIC in the PC picks up a dynamic address from the ISP.
Is it possible to take the Ethernet cable from the ADSL modem and put it into the outside interface of the PIX? From what I can see the outside interface on the PIX is set to DHCP. However, when I plug it into the PIX I cannot get out to the net and I cannot see an IP address on the outside int.
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd xxxxx encrypted
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community xxxx
no snmp-server enable traps
no sysopt route dnat
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
dhcpd address 192.168.1.2-192.168.1.129 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
You shouldn't have a problem using a PIX 501 with an ADSL connection. By default, the PIX acts as a DHCP server & client.
Can you ping the PIX from your internal network?
Can your ISP ping your PIX?
Are all your computers on the 192.168.1.0 net?
Have you checked your DHCP/NAT settings?
Try rebooting your PCs so they get the new gateway/DHCP server.
If all else fails, wr erase and start with a clean config.
The modem is set for PPP bridged mode. This is passing on the DHCP address to whatever is connected to the modem. Works fine on a PC but not on PIX 501.
The ISP is using PPPoE LLC
Yes, I can ping the PIX from the inside
Can ping the PIX outside because the PIX is not getting the DHCP address assigned by the ISP
All PCs on the 192.160.1.x net
What DHCP/NAT setting? I am very new to PIXes
Rebooted and the PC got IP addresses with the PIX as gateway
I entered the command, I think it was already there (see config)
The pix took the command.
I tried turning on the ADSL modem first so it connects to the ISP, and then the firewall. While it was booting I consoled on. It is trying to get an IP but it gets the following error:
DHCP command failed
Warning: Start and End addresses overlap with broadcast address.
outside interface address added to PAT pool
If you are using an xDSL connection you probably need to configure the PPPoE client on your PIX. The easiest way to do this is using the PDM (graphical interface) and running the wizard.
You probably have to provide a username and password to log into your ISP.
Hi. PIX didn't support PPPoE until 6.2.
You are running 6.1(4), so you'll have to upgrade. Once you upgrade to 6.2 or newer your config will look something like:
ip address outside pppoe setroute
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname *****@sbcglobal.net
vpdn group pppoe_group ppp authentication pap
vpdn username *****@sbcglobal.net password *********
Also, see this document to configure PPPoE using the PIX:
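Added example, not part of the original replies: a small Python lint for the outside-interface addressing discussed above. It flags `pppoe` on a release older than 6.2 (the version limit stated in the reply) and checks that the `vpdn group` lines are consistent. The function name, the sample credentials and the localname/username matching rule (mirroring the reply's config, where both are identical) are assumptions.

```python
import re

# Constructed sample: the thread's 6.1(4) header combined with the PPPoE lines
# suggested in the reply (credentials are placeholders, not real values).
SAMPLE = """\
PIX Version 6.1(4)
ip address outside pppoe setroute
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname user@example.net
vpdn group pppoe_group ppp authentication pap
vpdn username other@example.net password PLACEHOLDER
"""

def lint_outside(config):
    """Return findings about how the outside interface obtains its address."""
    findings = []
    ver = re.search(r"^PIX Version (\d+)\.(\d+)", config, re.M)
    mode = re.search(r"^ip address outside (dhcp|pppoe)\b", config, re.M)
    if not mode:
        return ["outside interface has no dhcp/pppoe address statement"]
    if mode.group(1) == "dhcp":
        return findings  # nothing PPPoE-related to verify
    # Per the thread: the PPPoE client is only available from PIX 6.2 onward.
    if ver and (int(ver.group(1)), int(ver.group(2))) < (6, 2):
        findings.append("pppoe configured but version %s.%s predates 6.2" % ver.groups())
    groups = {}
    for name, rest in re.findall(r"^vpdn group (\S+) (.+)$", config, re.M):
        groups.setdefault(name, []).append(rest.strip())
    users = set(re.findall(r"^vpdn username (\S+) password \S+", config, re.M))
    dialout = [g for g, lines in groups.items() if "request dialout pppoe" in lines]
    if not dialout:
        findings.append("no vpdn group with 'request dialout pppoe'")
    for g in dialout:
        local = [l.split()[1] for l in groups[g] if l.startswith("localname ")]
        if not local:
            findings.append("vpdn group %s has no localname" % g)
        elif local[0] not in users:  # assumed rule: localname needs a vpdn username entry
            findings.append("localname %s has no matching 'vpdn username'" % local[0])
        if not any(l.startswith("ppp authentication ") for l in groups[g]):
            findings.append("vpdn group %s has no ppp authentication method" % g)
    return findings

if __name__ == "__main__":
    for finding in lint_outside(SAMPLE):
        print("FINDING:", finding)
```
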
Thanks for the reply. I upgraded the PIX to 6.3. Once I did this it picked up an address from the ISP straight away.
I did not need the PPPoE settings; DHCP was enough.
However, I have noticed that the PIX is changing outside IP quite often. Any ideas?
Sometimes with ADSL connections as well as with cable modem connections where the ISP device issues the IP address via DHCP, the device may cache the MAC address of the requesting machine. In your case, your PC's MAC address may be cached in your ADSL modem. I have also found that if my PIX (515) boots before the cable modem or ADSL modem is booted and does not receive a DHCP address, it will not re-request an address. So I would try first rebooting the ADSL modem without your PC connected to it. Then connect your PIX and type the command:
ip address outside dhcp setroute
Then you should be able to do a "sh int" and see the ip address assigned to the interface.
Hope that helps...
Thanks for the reply. I noticed something similar happening. I upgraded to 6.3 and the PIX 501 picked up the DHCP address from the ISP straight away.
However, I am noticing now that the DHCP address changes at random (short) time periods and this can affect some devices on the inside to require a reboot. I am sure the DSL modem and the PIX have not power cycled. Have you ever seen this?