PIX501 Newbie & DNS

I am still learning this.Have a pix501 that sits behind a linksys router for the time being.I have set the ethernet inside ports to give out a ip address via dhcp and the dns server settings I have tried both the ip of my linksys router and the dns servers of the isp. I can type in the ip of a website and browse to it but when I type in the url address it times out. Not sure what I'm missing and any help would be much appreciated.

Reply to
mousemen
Loading thread data ...

You may wish to investigate Configure a Cisco PIX 501 Firewall with this template:

formatting link
as well as the Cisco PIX VPN GUI Config:

formatting link
Sincerely,

Brad Reese

2007 Cisco Salary Rates
formatting link
Reply to
www.BradReese.Com

Are you sure that the pix is giving out the DNS server address. What happens when you manually configure the ISP's DNS in your NIC settings?

Chris.

Reply to
chris

It is giving it out as when I do a ipconfig /all there are listed in the list. I have tried to input them manually with the same result. I will look into the above links to see if I could get it, If not I'll post back. Thank yoiu

Reply to
mousemen

Here is what I have. cable modem (dynamic ip) > linksys wireless router > pix501

ip address inside 192.168.1.1 255.255.255.0 ip address outside 192.168.2.254 255.255.255.0 interface ethernet0 auto interface ethernet1 100full

route outside 0 0 192.168.2.1 nat (inside) 1 192.168.1.0 255.255.255.0 global (outside) 1 192.168.2.254 clock timezone CST -6 ntp server 192.168.1.50 source inside http server enable http 192.168.1.0 255.255.255.255 inside

access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq 80 access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq 20 access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq 21 access-group outbound in interface inside

write memory

I dont know if the fact that I dont have a publicly routeable ip on the outside interface. But I must be doing something wrong, as I still can not get it to work.I can type in the ip address of a website and it'll go to it. so I know the access rules are correct. But if I type in a url it just times out.

Reply to
mousemen

access-list outbound permit udp 192.168.1.0 255.255.255.0 any eq 53

others to consider

access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq 443 access-list outbound permit tcp 192.168.1.0 255.255.255.0 any eq 8080

Reply to
Wayne

Allowing DNS in your access list might help.

Reply to
chris

The DNS was trick. Once I put that in it worked. I've got a ways to go to learn this but I will get there. Thank you all for the help on this issue

Reply to
mousemen

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.