PIX 501 Configuration Using PDM

Hi All,

I'm a newbie working with a hardware firewall and am lost getting a working configuration to where I can get response from the outside. I'm working with the PDM software to configure the router. Here's my network and configuration:

-->DSL with static public ip address natted to private ip address of 192.168.0.104 (Netopia Cayman dsl router/modem with ip of 192.168.0.254)-->going from netopia lan port to Cisco 501 port 0.

-->Windows 2003 server with static ip of 192.168.1.104 to Cisco 501 (with ip of 192.168.1.1) lan port.

-->I have turned off dhcp in the 501.

-->I've configured the outside interface Source to any and the destination inside source to 192.168.1.1.

-->What else am I missing? What else needs to be configured?

Any help is appreciated.

Thanks, Frank Angel


In article , Frank Angel wrote:
:I'm a newbie working with a hardware firewall and am lost getting a working
:configuration to where I can get response from the outside.

What kind of response?

:-->I've configured the outside interface Source to any and the destination
:inside source to 192.168.1.1.

? Configured where? This sounds sort of like an access-list configuration but I'm having a bit of trouble following the meaning. Is this something you configured on the Netopia?

:-->What else am I missing? What else needs to be configured?

How are you testing? If you are testing using ping then a trick you need to know is that the PIX does not keep very good state on icmp (which isn't a "connection-oriented" protocol), so if you want to be able to get ping replies you often need to explicitly configure the PIX outside ACL to permit incoming icmp echo-reply.

You can also theoretically have problems with DNS, since DNS is UDP and the PIX by default assumes that UDP that has not had traffic for 2 minutes is finished and would automatically close the translation. Thus, in some cases you may need to explicitly configure the PIX outside ACL to permit incoming messages with a source of udp 53 (DNS) and a destination of udp 137 (NETBIOS), udp 53 (Microsoft DNS client) or udp above 1023 (standard DNS clients). In -practice- though, most DNS replies are within about 70 seconds (there are 1 minute timeouts for some operations) so -usually- the default of 2 minutes is okay.

What default route have you set on the PIX?

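As an added illustration (not part of Walter's reply or Frank's post), here is how the three points in the reply above would look in PIX 6.x command syntax: the default route toward the Netopia router, an outside ACL that lets ping replies back in because the PIX does not track ICMP state, and the UDP idle timeout that governs DNS replies. The addresses are taken from the original post; the assumption that the PIX outside interface itself holds 192.168.0.104 (the address the Netopia forwards to) and the ACL name `outside_in` are mine.

```cisco
! Added example, not from the original thread. PIX 6.x syntax.
! Assumption: the PIX outside interface carries 192.168.0.104, the address
! the Netopia (192.168.0.254) NATs the public address to.

! Interface addressing as described in the post
ip address outside 192.168.0.104 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

! Default route: everything not on the inside network goes to the Netopia
route outside 0.0.0.0 0.0.0.0 192.168.0.254 1

! Outside ACL: the PIX does not keep state for ICMP, so the echo-reply
! to an inside ping must be explicitly permitted. Limit it to replies
! addressed to the PIX outside address rather than permitting all ICMP.
access-list outside_in permit icmp any host 192.168.0.104 echo-reply
access-group outside_in in interface outside

! UDP idle timeout. The default the reply mentions is 2 minutes; if DNS
! replies really are arriving late, lengthening this is narrower than
! opening inbound UDP from source port 53, because a source port is
! trivially chosen by whoever sends the packet.
timeout udp 0:02:00
```

The `timeout udp` line is shown at its default of two minutes so the value matches what the reply says; change it only if DNS replies are observed to arrive after that window. Reaching the inside Windows server from outside would additionally require a `static` translation and a matching ACL entry, which the original post does not describe and are left out here.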
